Trojaner-Board - einschätzung malware-log

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - einschätzung malware-log (https://www.trojaner-board.de/110208-einschaetzung-malware-log.html)

einschätzung malware-log

Hey Leute,
versuche gerade einen Rechner etwas herzurichten. Hab malware ausgeführt und folgende log erhalten. wollte gern wissen, ob irgendwas beunruhigendes herausgelesen werden kann.

Datenbank Version: v2012.02.20.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Julchen :: JULCHEN-PC [Administrator]

Schutz: Aktiviert

20.02.2012 15:26:09
mbam-log-2012-02-20 (15-26-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195376
Laufzeit: 7 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> 1888 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio.TB) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{729C39E9-6A9B-796A-6EAC-8B97FA342916} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Julchen\AppData\Roaming\Exovy\rexe.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\Application Updater\ApplicationUpdater.exe (PUP.Dealio.TB) -> Löschen bei Neustart.

(Ende)

danke schon mal!

Da ist auf jeden Fall Malware drauf aktiv gewesen. Was wurde noch entfernt und womit?

Bisher hab ich nichts weiter laufen lassen. Schlage mich gerade mit den windows-updates herum. Da kommt es immer wieder zu Fehlern. Soll ich mal die otl.exe laufen lassen und den log posten?

danke schonmal für die Hilfe!

lg jan

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hey,
hier der log von malware

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.21.02
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 7.0.6002.18005

Julchen :: JULCHEN-PC [Administrator]
 

Schutz: Deaktiviert
 

21.02.2012 14:03:36

mbam-log-2012-02-21 (14-03-36).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 358942

Laufzeit: 3 Stunde(n), 27 Minute(n), 57 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

und hier die log von eset

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=3f8f1b50d1c0d744a38ca078cc3dcd65

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-21 04:13:02

# local_time=2012-02-21 05:13:02 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1797 16775165 100 100 337294 105345251 80072 0

# compatibility_mode=5892 16776574 100 95 75751378 167362672 0 0

# compatibility_mode=8192 67108863 100 0 3766 3766 0 0

# scanned=173507

# found=9

# cleaned=0

# scan_time=10839

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9        Variante von Win32/Adware.Toolbar.Dealio Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

${Memory}        Variante von Win32/Adware.Toolbar.Dealio Anwendung        00000000000000000000000000000000        I

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier ist die OTL-log

OTL Logfile:

Code:

OTL logfile created on: 21.02.2012 20:35:34 - Run 1

OTL by OldTimer - Version 3.2.33.1     Folder = C:\Users\\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,53% Memory free

6,06 Gb Paging File | 4,89 Gb Available in Paging File | 80,70% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288,32 Gb Total Space | 93,16 Gb Free Space | 32,31% Space Free | Partition Type: NTFS

 

Computer Name:  | User Name:  | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.02.21 20:32:13 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\\Downloads\OTL.exe

PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2009.08.05 22:10:48 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.05.15 21:39:46 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe

PRC - [2009.05.15 21:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe

PRC - [2009.05.15 21:39:44 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe

PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2009.04.29 18:56:28 | 000,176,128 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWR.exe

PRC - [2009.04.29 16:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 03:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe

PRC - [2009.04.01 20:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2009.04.01 20:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009.02.12 01:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.02.12 01:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.02.11 14:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe

PRC - [2009.02.05 07:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe

PRC - [2008.10.27 11:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe

PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe

PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.02.02 16:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2009.08.05 22:10:48 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.05.15 21:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)

SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.04.29 16:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)

SRV - [2009.04.11 03:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2009.04.01 20:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009.02.12 01:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2009.02.05 07:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2008.10.27 11:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009.12.08 10:08:46 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.04.01 20:54:44 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)

DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)

DRV - [2008.10.09 15:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV - [2008.10.09 15:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV - [2008.10.09 15:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2008.09.22 14:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 17:04:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 14:48:26 | 000,000,000 | ---D | M]

 

[2009.07.06 14:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Extensions

[2011.12.25 21:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions

[2011.12.10 14:15:17 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2010.07.04 14:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.11.27 13:56:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.12.25 21:00:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012.02.17 16:47:56 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-1.xml

[2011.02.28 18:16:17 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-2.xml

[2011.03.30 18:37:57 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-3.xml

[2011.05.09 17:33:57 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-4.xml

[2011.09.09 14:49:39 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-5.xml

[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin.xml

[2012.02.21 09:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.02.21 09:39:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.02.15 19:36:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM

[2011.12.22 23:57:52 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF

[2012.02.20 17:04:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009.03.24 10:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

[2012.02.15 19:36:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.15 19:36:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.02.15 19:36:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.15 19:36:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.15 19:36:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.15 19:36:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DBC965D-7897-4BF2-A434-36FF1340302A}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50FCC4B3-E330-40BD-9603-ED0FDB7FA090}: DhcpNameServer = 83.169.186.33 83.169.186.97

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\Shell - "" = AutoRun

O33 - MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O33 - MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\Shell - "" = AutoRun

O33 - MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\Shell - "" = AutoRun

O33 - MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig - StartUpFolder: C:^Users^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)

MsConfig - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)

MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 0

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.21 14:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.02.21 09:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.02.20 17:16:48 | 000,000,000 | ---D | C] -- C:\Users\\Roaming

[2012.02.20 17:16:48 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Intel

[2012.02.20 17:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming

[2012.02.20 17:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless

[2012.02.20 17:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco

[2012.02.20 17:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel

[2012.02.20 17:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel

[2012.02.20 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes

[2012.02.20 15:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.02.20 15:24:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.02.20 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.02.02 12:21:41 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\2012-02 (Feb)

[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2010.02.15 21:50:30 | 000,000,680 | ---- | C] () -- C:\Users\\AppData\Local\d3d9caps.dat

[2009.12.18 22:56:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.07.06 19:20:09 | 000,013,312 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.07.06 14:25:14 | 004,151,934 | -H-- | C] () -- C:\Users\\AppData\Local\IconCache.db

[2009.07.06 13:53:28 | 000,102,424 | ---- | C] () -- C:\Users\\AppData\Local\GDIPFONTCACHEV1.DAT

[3 C:\Users\\Documents\*.tmp files -> C:\Users\\Documents\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.21 20:33:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2752085062-1975141627-2355531261-1000UA.job

[2012.02.21 20:33:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.02.21 20:06:19 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.02.21 20:06:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.02.21 20:06:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.02.21 20:06:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.02.21 20:01:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.21 20:01:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.21 18:04:50 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.02.21 18:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.21 12:00:43 | 000,001,145 | ---- | M] () -- C:\WirelessDiagLog.csv

[2012.02.21 11:33:12 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2752085062-1975141627-2355531261-1000Core.job

[2012.02.20 17:57:26 | 000,131,072 | ---- | M] () -- C:\Windows\SPInstall.etl

[2012.02.20 16:16:12 | 000,000,134 | ---- | M] () -- C:\Users\\Desktop\Internet Explorer-Problembehebung.url

[2012.02.06 22:36:24 | 253,541,601 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.01.25 19:02:47 | 000,187,543 | ---- | M] () -- C:\Users\\Desktop\Rette die Million.pdf

[3 C:\Users\\Documents\*.tmp files -> C:\Users\\Documents\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.21 11:57:53 | 000,001,145 | ---- | C] () -- C:\WirelessDiagLog.csv

[2012.02.20 17:46:53 | 000,131,072 | ---- | C] () -- C:\Windows\SPInstall.etl

[2012.02.20 16:16:12 | 000,000,134 | ---- | C] () -- C:\Users\\Desktop\Internet Explorer-Problembehebung.url

[2012.01.25 19:02:47 | 000,187,543 | ---- | C] () -- C:\Users\\Desktop\Rette die Million.pdf

[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010.06.03 14:04:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

 
 ========== LOP Check ==========

 

[2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Dauksch\AppData\Roaming\Acer GameZone Console

[2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console

[2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console

[2009.07.06 15:27:00 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\.#

[2009.12.22 09:46:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Acer

[2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Acer GameZone Console

[2012.01.02 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Azureus

[2011.11.27 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoft

[2011.08.28 20:50:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers

[2009.07.06 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\eSobi

[2011.10.28 04:16:48 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Exovy

[2012.02.21 09:17:18 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\go

[2011.08.26 11:18:55 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\gtk-2.0

[2012.02.21 16:57:32 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\ICQ

[2011.10.16 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PhotoFiltre

[2010.07.30 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PlayFirst

[2011.07.19 10:43:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Uwxabu

[2012.02.21 18:01:47 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.07.06 15:27:00 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\.#

[2009.12.22 09:46:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Acer

[2009.04.08 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Acer GameZone Console

[2009.07.07 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Adobe

[2011.08.31 11:21:17 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Apple Computer

[2012.01.02 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Azureus

[2010.01.04 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DivX

[2012.01.10 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\dvdcss

[2011.11.27 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoft

[2011.08.28 20:50:10 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers

[2009.07.06 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\eSobi

[2011.10.28 04:16:48 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Exovy

[2012.02.21 09:17:18 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\go

[2009.07.06 15:25:00 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Google

[2011.08.26 11:18:55 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\gtk-2.0

[2010.02.19 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\HP

[2012.02.21 16:57:32 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\ICQ

[2009.07.06 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Identities

[2012.02.20 17:16:48 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Intel

[2009.07.06 13:53:28 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Macromedia

[2012.02.20 15:25:02 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Media Center Programs

[2012.02.21 10:08:12 | 000,000,000 | --SD | M] -- C:\Users\\AppData\Roaming\Microsoft

[2010.03.29 20:29:47 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Move Networks

[2012.01.21 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Mozilla

[2011.10.16 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PhotoFiltre

[2010.07.30 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\PlayFirst

[2012.02.21 20:32:36 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Skype

[2011.09.07 17:05:32 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\skypePM

[2012.01.13 18:57:36 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\U3

[2011.07.19 10:43:40 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Uwxabu

[2012.01.23 14:10:08 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\vlc

[2010.01.04 22:42:57 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.12.31 15:06:10 | 009,739,704 | ---- | M] (Vuze Inc.) -- C:\Users\\AppData\Roaming\Azureus\tmp\AZU38049.tmp\Vuze_4.7.0.2d_win32.exe

[2011.02.10 18:34:52 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2010.03.29 20:29:47 | 000,144,053 | ---- | M] () -- C:\Users\\AppData\Roaming\Move Networks\uninstall.exe

[2010.02.11 20:31:38 | 000,097,216 | ---- | M] () -- C:\Users\\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe

[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\\AppData\Roaming\U3\temp\cleanup.exe

[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\\AppData\Roaming\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.02.12 01:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.02.12 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.02.12 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys

[2009.02.12 01:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.01.21 03:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2008.01.21 03:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2011.04.21 17:00:56 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1982A23

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:ABE89FFE

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3064D21D

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DCAF903C

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ADE16379

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4F636E25

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:798A3728

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E22BBE8

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B203B914
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_4810t

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6

FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="

[2010.07.04 14:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012.02.17 16:47:56 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-1.xml

[2011.02.28 18:16:17 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-2.xml

[2011.03.30 18:37:57 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-3.xml

[2011.05.09 17:33:57 | 000,000,961 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-4.xml

[2011.09.09 14:49:39 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-5.xml

[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin.xml

[2012.02.15 19:36:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM

[2011.12.22 23:57:52 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..\Run: []  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\Shell - "" = AutoRun

O33 - MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O33 - MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\Shell - "" = AutoRun

O33 - MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\Shell - "" = AutoRun

O33 - MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1982A23

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:ABE89FFE

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:814B9485

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3064D21D

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DCAF903C

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CDFF58FE

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ADE16379

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4F636E25

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:35759C73

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:798A3728

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:41099CE9

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9E22BBE8

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B203B914

:Files

C:\Program Files\Common Files\Spigot

C:\PROGRAM FILES\PDFFORGE TOOLBAR

C:\Users\\AppData\Roaming\.#

C:\Users\\AppData\Roaming\Uwxabu

C:\Users\\AppData\Roaming\Exovy

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

puuuuh, ich hoffe ich habs richtig gemacht. hier die log:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-2752085062-1975141627-2355531261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2752085062-1975141627-2355531261-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2752085062-1975141627-2355531261-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.

C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll moved successfully.

Prefs.js: "ICQ Search" removed from browser.search.defaultenginename

Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr

Prefs.js: pdfforge@mybrowserbar.com:4.6 removed from extensions.enabledItems

Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" removed from keyword.URL

C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.

C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.

C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.

Folder move failed. C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} scheduled to be moved on reboot.

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-1.xml moved successfully.

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-2.xml moved successfully.

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-3.xml moved successfully.

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-4.xml moved successfully.

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin-5.xml moved successfully.

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\searchplugins\icqplugin.xml moved successfully.

C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.

C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.

File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.

File C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6245c649-7133-11de-974b-001f16a6eb44}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6245c649-7133-11de-974b-001f16a6eb44}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6245c649-7133-11de-974b-001f16a6eb44}\ not found.

File D:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6eb309a-f961-11de-a818-001f16a6eb44}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6eb309a-f961-11de-a818-001f16a6eb44}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6eb309a-f961-11de-a818-001f16a6eb44}\ not found.

File F:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c398a8dc-47e6-11df-93d0-0022fb601b06}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c398a8dc-47e6-11df-93d0-0022fb601b06}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c398a8dc-47e6-11df-93d0-0022fb601b06}\ not found.

File E:\LaunchU3.exe -a not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ deleted successfully.

ADS C:\ProgramData\TEMP:E1982A23 deleted successfully.

ADS C:\ProgramData\TEMP:ABE89FFE deleted successfully.

ADS C:\ProgramData\TEMP:814B9485 deleted successfully.

ADS C:\ProgramData\TEMP:3064D21D deleted successfully.

ADS C:\ProgramData\TEMP:DCAF903C deleted successfully.

ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully.

ADS C:\ProgramData\TEMP:ADE16379 deleted successfully.

ADS C:\ProgramData\TEMP:3B3A35EC deleted successfully.

ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.

ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.

ADS C:\ProgramData\TEMP:35759C73 deleted successfully.

ADS C:\ProgramData\TEMP:798A3728 deleted successfully.

ADS C:\ProgramData\TEMP:41099CE9 deleted successfully.

ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.

ADS C:\ProgramData\TEMP:BB24555F deleted successfully.

ADS C:\ProgramData\TEMP:B203B914 deleted successfully.

========== FILES ==========

C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.

C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.

C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.

C:\Program Files\Common Files\Spigot folder moved successfully.

C:\PROGRAM FILES\pdfforge Toolbar\Res\Lang folder moved successfully.

C:\PROGRAM FILES\pdfforge Toolbar\Res folder moved successfully.

C:\PROGRAM FILES\pdfforge Toolbar\IE\4.9 folder moved successfully.

C:\PROGRAM FILES\pdfforge Toolbar\IE folder moved successfully.

C:\PROGRAM FILES\pdfforge Toolbar folder moved successfully.

C:\Users\xx\AppData\Roaming\.# folder moved successfully.

C:\Users\xx\AppData\Roaming\Uwxabu folder moved successfully.

C:\Users\xx\AppData\Roaming\Exovy folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: xy

->Temp folder emptied: 202338 bytes

->Temporary Internet Files folder emptied: 26832313 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 1226 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 75 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: xx

->Temp folder emptied: 1937332049 bytes

->Temporary Internet Files folder emptied: 47090927 bytes

->Java cache emptied: 3554001 bytes

->FireFox cache emptied: 49824396 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 2842780 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 302477951 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 20733644 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes

RecycleBin emptied: 43603 bytes

 

Total Files Cleaned = 2.280,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.33.1 log created on 02212012_213237
 

Files\Folders moved on Reboot...

C:\Users\xx\AppData\Roaming\mozilla\Firefox\Profiles\eyvlmz8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hier die neue log:

Code:

22:03:42.0034 1412        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

22:03:42.0190 1412        ============================================================

22:03:42.0190 1412        Current date / time: 2012/02/21 22:03:42.0190

22:03:42.0190 1412        SystemInfo:

22:03:42.0190 1412        

22:03:42.0190 1412        OS Version: 6.0.6002 ServicePack: 2.0

22:03:42.0190 1412        Product type: Workstation

22:03:42.0190 1412        ComputerName: xx-PC

22:03:42.0190 1412        UserName: xx

22:03:42.0190 1412        Windows directory: C:\Windows

22:03:42.0190 1412        System windows directory: C:\Windows

22:03:42.0190 1412        Processor architecture: Intel x86

22:03:42.0190 1412        Number of processors: 1

22:03:42.0190 1412        Page size: 0x1000

22:03:42.0190 1412        Boot type: Normal boot

22:03:42.0190 1412        ============================================================

22:03:42.0908 1412        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

22:03:42.0908 1412        \Device\Harddisk0\DR0:

22:03:42.0908 1412        MBR used

22:03:42.0908 1412        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x240A5800

22:03:42.0954 1412        Initialize success

22:03:42.0954 1412        ============================================================

22:06:25.0085 3288        ============================================================

22:06:25.0085 3288        Scan started

22:06:25.0085 3288        Mode: Manual; SigCheck; TDLFS; 

22:06:25.0085 3288        ============================================================

22:06:25.0553 3288        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

22:06:25.0709 3288        ACPI - ok

22:06:25.0772 3288        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

22:06:25.0803 3288        adp94xx - ok

22:06:25.0865 3288        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

22:06:25.0881 3288        adpahci - ok

22:06:25.0912 3288        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

22:06:25.0928 3288        adpu160m - ok

22:06:25.0974 3288        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

22:06:25.0990 3288        adpu320 - ok

22:06:26.0115 3288        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

22:06:26.0208 3288        AFD - ok

22:06:26.0271 3288        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

22:06:26.0286 3288        agp440 - ok

22:06:26.0333 3288        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

22:06:26.0349 3288        aic78xx - ok

22:06:26.0442 3288        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

22:06:26.0458 3288        aliide - ok

22:06:26.0505 3288        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

22:06:26.0520 3288        amdagp - ok

22:06:26.0645 3288        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

22:06:26.0661 3288        amdide - ok

22:06:26.0692 3288        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

22:06:26.0864 3288        AmdK7 - ok

22:06:26.0910 3288        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

22:06:27.0004 3288        AmdK8 - ok

22:06:27.0160 3288        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

22:06:27.0176 3288        arc - ok

22:06:27.0238 3288        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

22:06:27.0254 3288        arcsas - ok

22:06:27.0332 3288        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

22:06:27.0410 3288        AsyncMac - ok

22:06:27.0441 3288        atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

22:06:27.0456 3288        atapi - ok

22:06:27.0566 3288        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

22:06:27.0597 3288        avgio - ok

22:06:27.0628 3288        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys

22:06:27.0675 3288        avgntflt - ok

22:06:27.0722 3288        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys

22:06:27.0737 3288        avipbb - ok

22:06:27.0815 3288        b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys

22:06:27.0862 3288        b57nd60x - ok

22:06:27.0924 3288        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

22:06:28.0002 3288        Beep - ok

22:06:28.0080 3288        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

22:06:28.0190 3288        blbdrive - ok

22:06:28.0314 3288        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

22:06:28.0377 3288        bowser - ok

22:06:28.0455 3288        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

22:06:28.0533 3288        BrFiltLo - ok

22:06:28.0564 3288        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

22:06:28.0611 3288        BrFiltUp - ok

22:06:28.0689 3288        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

22:06:28.0892 3288        Brserid - ok

22:06:28.0938 3288        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

22:06:29.0048 3288        BrSerWdm - ok

22:06:29.0079 3288        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

22:06:29.0204 3288        BrUsbMdm - ok

22:06:29.0235 3288        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

22:06:29.0313 3288        BrUsbSer - ok

22:06:29.0375 3288        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

22:06:29.0422 3288        BTHMODEM - ok

22:06:29.0484 3288        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

22:06:29.0547 3288        cdfs - ok

22:06:29.0625 3288        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

22:06:29.0656 3288        cdrom - ok

22:06:29.0687 3288        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

22:06:29.0750 3288        circlass - ok

22:06:29.0812 3288        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

22:06:29.0828 3288        CLFS - ok

22:06:29.0906 3288        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

22:06:29.0952 3288        CmBatt - ok

22:06:29.0999 3288        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

22:06:30.0015 3288        cmdide - ok

22:06:30.0062 3288        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

22:06:30.0077 3288        Compbatt - ok

22:06:30.0108 3288        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

22:06:30.0124 3288        crcdisk - ok

22:06:30.0155 3288        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

22:06:30.0218 3288        Crusoe - ok

22:06:30.0327 3288        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

22:06:30.0389 3288        DfsC - ok

22:06:30.0498 3288        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

22:06:30.0514 3288        disk - ok

22:06:30.0608 3288        DKbFltr         (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys

22:06:30.0623 3288        DKbFltr - ok

22:06:30.0701 3288        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

22:06:30.0842 3288        Dot4 - ok

22:06:30.0888 3288        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

22:06:30.0966 3288        Dot4Print - ok

22:06:31.0044 3288        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

22:06:31.0154 3288        dot4usb - ok

22:06:31.0232 3288        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

22:06:31.0294 3288        drmkaud - ok

22:06:31.0434 3288        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

22:06:31.0544 3288        DXGKrnl - ok

22:06:31.0622 3288        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

22:06:31.0700 3288        E1G60 - ok

22:06:31.0824 3288        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

22:06:31.0840 3288        Ecache - ok

22:06:32.0027 3288        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

22:06:32.0058 3288        elxstor - ok

22:06:32.0168 3288        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

22:06:32.0230 3288        ErrDev - ok

22:06:32.0339 3288        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

22:06:32.0433 3288        exfat - ok

22:06:32.0511 3288        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

22:06:32.0589 3288        fastfat - ok

22:06:32.0682 3288        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

22:06:32.0729 3288        fdc - ok

22:06:32.0760 3288        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

22:06:32.0776 3288        FileInfo - ok

22:06:32.0823 3288        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

22:06:32.0854 3288        Filetrace - ok

22:06:32.0885 3288        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

22:06:32.0932 3288        flpydisk - ok

22:06:32.0994 3288        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

22:06:33.0010 3288        FltMgr - ok

22:06:33.0057 3288        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

22:06:33.0104 3288        Fs_Rec - ok

22:06:33.0135 3288        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

22:06:33.0150 3288        gagp30kx - ok

22:06:33.0244 3288        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

22:06:33.0260 3288        GEARAspiWDM - ok

22:06:33.0369 3288        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

22:06:33.0478 3288        HdAudAddService - ok

22:06:33.0587 3288        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

22:06:33.0696 3288        HDAudBus - ok

22:06:33.0743 3288        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

22:06:33.0852 3288        HidBth - ok

22:06:33.0884 3288        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

22:06:33.0977 3288        HidIr - ok

22:06:34.0086 3288        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

22:06:34.0164 3288        HidUsb - ok

22:06:34.0258 3288        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

22:06:34.0274 3288        HpCISSs - ok

22:06:34.0367 3288        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

22:06:34.0476 3288        HTTP - ok

22:06:34.0554 3288        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

22:06:34.0570 3288        i2omp - ok

22:06:34.0632 3288        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

22:06:34.0679 3288        i8042prt - ok

22:06:34.0804 3288        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys

22:06:34.0851 3288        iaStor - ok

22:06:34.0898 3288        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

22:06:34.0929 3288        iaStorV - ok

22:06:35.0381 3288        igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys

22:06:37.0050 3288        igfx - ok

22:06:37.0191 3288        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

22:06:37.0206 3288        iirsp - ok

22:06:37.0378 3288        IntcAzAudAddService (d4a1767fd9d5c7762e9b8b36527b8af3) C:\Windows\system32\drivers\RTKVHDA.sys

22:06:37.0690 3288        IntcAzAudAddService - ok

22:06:37.0799 3288        IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys

22:06:37.0830 3288        IntcHdmiAddService - ok

22:06:37.0924 3288        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

22:06:37.0924 3288        intelide - ok

22:06:37.0986 3288        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

22:06:38.0033 3288        intelppm - ok

22:06:38.0142 3288        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:06:38.0298 3288        IpFilterDriver - ok

22:06:38.0345 3288        IpInIp - ok

22:06:38.0392 3288        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

22:06:38.0454 3288        IPMIDRV - ok

22:06:38.0517 3288        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

22:06:38.0564 3288        IPNAT - ok

22:06:38.0626 3288        irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys

22:06:38.0688 3288        irda - ok

22:06:38.0735 3288        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

22:06:38.0798 3288        IRENUM - ok

22:06:38.0844 3288        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

22:06:38.0860 3288        isapnp - ok

22:06:38.0938 3288        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

22:06:38.0954 3288        iScsiPrt - ok

22:06:38.0985 3288        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

22:06:39.0000 3288        iteatapi - ok

22:06:39.0032 3288        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

22:06:39.0047 3288        iteraid - ok

22:06:39.0078 3288        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

22:06:39.0094 3288        kbdclass - ok

22:06:39.0172 3288        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

22:06:39.0250 3288        kbdhid - ok

22:06:39.0344 3288        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

22:06:39.0422 3288        KSecDD - ok

22:06:39.0546 3288        L1C             (d2862bf2e43718dbdd24664ef4b6c0f0) C:\Windows\system32\DRIVERS\L1C60x86.sys

22:06:39.0640 3288        L1C - ok

22:06:39.0734 3288        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

22:06:39.0827 3288        lltdio - ok

22:06:39.0936 3288        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

22:06:39.0952 3288        LSI_FC - ok

22:06:39.0983 3288        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

22:06:39.0999 3288        LSI_SAS - ok

22:06:40.0046 3288        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

22:06:40.0061 3288        LSI_SCSI - ok

22:06:40.0092 3288        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

22:06:40.0139 3288        luafv - ok

22:06:40.0233 3288        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

22:06:40.0248 3288        MBAMProtector - ok

22:06:40.0326 3288        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

22:06:40.0326 3288        megasas - ok

22:06:40.0389 3288        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

22:06:40.0436 3288        MegaSR - ok

22:06:40.0498 3288        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

22:06:40.0545 3288        Modem - ok

22:06:40.0670 3288        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

22:06:40.0732 3288        monitor - ok

22:06:40.0763 3288        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

22:06:40.0779 3288        mouclass - ok

22:06:40.0810 3288        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

22:06:40.0841 3288        mouhid - ok

22:06:40.0888 3288        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

22:06:40.0904 3288        MountMgr - ok

22:06:40.0966 3288        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

22:06:40.0982 3288        mpio - ok

22:06:41.0028 3288        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

22:06:41.0075 3288        mpsdrv - ok

22:06:41.0122 3288        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

22:06:41.0138 3288        Mraid35x - ok

22:06:41.0184 3288        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

22:06:41.0278 3288        MRxDAV - ok

22:06:41.0372 3288        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:06:41.0465 3288        mrxsmb - ok

22:06:41.0543 3288        mrxsmb10        (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:06:41.0621 3288        mrxsmb10 - ok

22:06:41.0684 3288        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:06:41.0777 3288        mrxsmb20 - ok

22:06:41.0808 3288        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

22:06:41.0840 3288        msahci - ok

22:06:41.0886 3288        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

22:06:41.0902 3288        msdsm - ok

22:06:41.0980 3288        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

22:06:42.0042 3288        Msfs - ok

22:06:42.0089 3288        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

22:06:42.0105 3288        msisadrv - ok

22:06:42.0152 3288        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

22:06:42.0198 3288        MSKSSRV - ok

22:06:42.0245 3288        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

22:06:42.0276 3288        MSPCLOCK - ok

22:06:42.0323 3288        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

22:06:42.0386 3288        MSPQM - ok

22:06:42.0448 3288        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

22:06:42.0464 3288        MsRPC - ok

22:06:42.0510 3288        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

22:06:42.0526 3288        mssmbios - ok

22:06:42.0620 3288        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

22:06:42.0682 3288        MSTEE - ok

22:06:42.0776 3288        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

22:06:42.0807 3288        Mup - ok

22:06:42.0854 3288        mwlPSDFilter    (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

22:06:42.0885 3288        mwlPSDFilter - ok

22:06:42.0932 3288        mwlPSDNServ     (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

22:06:42.0947 3288        mwlPSDNServ - ok

22:06:42.0978 3288        mwlPSDVDisk     (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

22:06:42.0994 3288        mwlPSDVDisk - ok

22:06:43.0088 3288        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

22:06:43.0134 3288        NativeWifiP - ok

22:06:43.0212 3288        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

22:06:43.0275 3288        NDIS - ok

22:06:43.0353 3288        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

22:06:43.0446 3288        NdisTapi - ok

22:06:43.0493 3288        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

22:06:43.0571 3288        Ndisuio - ok

22:06:43.0696 3288        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

22:06:43.0774 3288        NdisWan - ok

22:06:43.0821 3288        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

22:06:43.0852 3288        NDProxy - ok

22:06:43.0899 3288        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

22:06:43.0961 3288        NetBIOS - ok

22:06:44.0008 3288        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

22:06:44.0070 3288        netbt - ok

22:06:44.0258 3288        NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys

22:06:44.0523 3288        NETw5v32 - ok

22:06:44.0585 3288        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

22:06:44.0601 3288        nfrd960 - ok

22:06:44.0726 3288        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

22:06:44.0788 3288        Npfs - ok

22:06:44.0850 3288        NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys

22:06:44.0928 3288        NSCIRDA - ok

22:06:45.0006 3288        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

22:06:45.0100 3288        nsiproxy - ok

22:06:45.0209 3288        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

22:06:45.0303 3288        Ntfs - ok

22:06:45.0381 3288        NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys

22:06:45.0396 3288        NTIDrvr - ok

22:06:45.0443 3288        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

22:06:45.0537 3288        ntrigdigi - ok

22:06:45.0584 3288        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

22:06:45.0646 3288        Null - ok

22:06:45.0693 3288        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

22:06:45.0708 3288        nvraid - ok

22:06:45.0771 3288        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

22:06:45.0786 3288        nvstor - ok

22:06:45.0864 3288        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

22:06:45.0880 3288        nv_agp - ok

22:06:45.0896 3288        NwlnkFlt - ok

22:06:45.0911 3288        NwlnkFwd - ok

22:06:45.0958 3288        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

22:06:46.0020 3288        ohci1394 - ok

22:06:46.0098 3288        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

22:06:46.0208 3288        Parport - ok

22:06:46.0254 3288        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

22:06:46.0270 3288        partmgr - ok

22:06:46.0301 3288        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

22:06:46.0410 3288        Parvdm - ok

22:06:46.0473 3288        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

22:06:46.0488 3288        pci - ok

22:06:46.0520 3288        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

22:06:46.0535 3288        pciide - ok

22:06:46.0598 3288        pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys

22:06:46.0613 3288        pcmcia - ok

22:06:46.0785 3288        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

22:06:47.0050 3288        PEAUTH - ok

22:06:47.0237 3288        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

22:06:47.0300 3288        PptpMiniport - ok

22:06:47.0315 3288        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

22:06:47.0378 3288        Processor - ok

22:06:47.0487 3288        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

22:06:47.0549 3288        PSched - ok

22:06:47.0612 3288        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

22:06:47.0721 3288        ql2300 - ok

22:06:47.0799 3288        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

22:06:47.0814 3288        ql40xx - ok

22:06:47.0861 3288        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

22:06:47.0924 3288        QWAVEdrv - ok

22:06:47.0939 3288        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

22:06:47.0986 3288        RasAcd - ok

22:06:48.0033 3288        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:06:48.0095 3288        Rasl2tp - ok

22:06:48.0173 3288        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

22:06:48.0220 3288        RasPppoe - ok

22:06:48.0298 3288        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

22:06:48.0314 3288        RasSstp - ok

22:06:48.0454 3288        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

22:06:48.0532 3288        rdbss - ok

22:06:48.0579 3288        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:06:48.0688 3288        RDPCDD - ok

22:06:48.0797 3288        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

22:06:48.0844 3288        rdpdr - ok

22:06:48.0875 3288        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

22:06:48.0938 3288        RDPENCDD - ok

22:06:49.0000 3288        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

22:06:49.0047 3288        RDPWD - ok

22:06:49.0187 3288        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

22:06:49.0234 3288        rspndr - ok

22:06:49.0296 3288        RTSTOR          (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS

22:06:49.0390 3288        RTSTOR - ok

22:06:49.0484 3288        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

22:06:49.0499 3288        sbp2port - ok

22:06:49.0562 3288        sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

22:06:49.0671 3288        sdbus - ok

22:06:49.0749 3288        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

22:06:49.0827 3288        secdrv - ok

22:06:49.0874 3288        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

22:06:49.0952 3288        Serenum - ok

22:06:49.0983 3288        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

22:06:50.0076 3288        Serial - ok

22:06:50.0123 3288        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

22:06:50.0170 3288        sermouse - ok

22:06:50.0232 3288        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

22:06:50.0279 3288        sffdisk - ok

22:06:50.0326 3288        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

22:06:50.0373 3288        sffp_mmc - ok

22:06:50.0404 3288        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

22:06:50.0466 3288        sffp_sd - ok

22:06:50.0513 3288        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

22:06:50.0576 3288        sfloppy - ok

22:06:50.0638 3288        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

22:06:50.0654 3288        sisagp - ok

22:06:50.0716 3288        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

22:06:50.0732 3288        SiSRaid2 - ok

22:06:50.0778 3288        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

22:06:50.0794 3288        SiSRaid4 - ok

22:06:50.0888 3288        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

22:06:50.0919 3288        Smb - ok

22:06:50.0966 3288        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

22:06:50.0981 3288        spldr - ok

22:06:51.0044 3288        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

22:06:51.0106 3288        srv - ok

22:06:51.0137 3288        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

22:06:51.0184 3288        srv2 - ok

22:06:51.0262 3288        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

22:06:51.0293 3288        srvnet - ok

22:06:51.0356 3288        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys

22:06:51.0371 3288        ssmdrv - ok

22:06:51.0434 3288        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys

22:06:51.0449 3288        StarOpen ( UnsignedFile.Multi.Generic ) - warning

22:06:51.0449 3288        StarOpen - detected UnsignedFile.Multi.Generic (1)

22:06:51.0496 3288        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

22:06:51.0527 3288        swenum - ok

22:06:51.0605 3288        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

22:06:51.0621 3288        Symc8xx - ok

22:06:51.0699 3288        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

22:06:51.0714 3288        Sym_hi - ok

22:06:51.0761 3288        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

22:06:51.0777 3288        Sym_u3 - ok

22:06:51.0824 3288        SynTP           (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys

22:06:51.0839 3288        SynTP - ok

22:06:51.0995 3288        Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

22:06:52.0073 3288        Tcpip - ok

22:06:52.0136 3288        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

22:06:52.0214 3288        Tcpip6 - ok

22:06:52.0260 3288        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

22:06:52.0323 3288        tcpipreg - ok

22:06:52.0370 3288        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

22:06:52.0463 3288        TDPIPE - ok

22:06:52.0510 3288        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

22:06:52.0557 3288        TDTCP - ok

22:06:52.0604 3288        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

22:06:52.0635 3288        tdx - ok

22:06:52.0713 3288        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

22:06:52.0728 3288        TermDD - ok

22:06:52.0822 3288        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:06:52.0869 3288        tssecsrv - ok

22:06:52.0916 3288        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

22:06:52.0962 3288        tunmp - ok

22:06:53.0056 3288        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

22:06:53.0087 3288        tunnel - ok

22:06:53.0134 3288        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

22:06:53.0150 3288        uagp35 - ok

22:06:53.0196 3288        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys

22:06:53.0212 3288        UBHelper - ok

22:06:53.0274 3288        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

22:06:53.0337 3288        udfs - ok

22:06:53.0399 3288        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

22:06:53.0415 3288        uliagpkx - ok

22:06:53.0446 3288        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

22:06:53.0477 3288        uliahci - ok

22:06:53.0508 3288        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

22:06:53.0524 3288        UlSata - ok

22:06:53.0586 3288        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

22:06:53.0602 3288        ulsata2 - ok

22:06:53.0680 3288        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

22:06:53.0774 3288        umbus - ok

22:06:53.0867 3288        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

22:06:53.0945 3288        USBAAPL - ok

22:06:54.0039 3288        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

22:06:54.0117 3288        usbccgp - ok

22:06:54.0210 3288        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

22:06:54.0320 3288        usbcir - ok

22:06:54.0366 3288        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

22:06:54.0398 3288        usbehci - ok

22:06:54.0491 3288        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

22:06:54.0538 3288        usbhub - ok

22:06:54.0585 3288        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

22:06:54.0678 3288        usbohci - ok

22:06:54.0741 3288        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

22:06:54.0819 3288        usbprint - ok

22:06:54.0881 3288        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

22:06:54.0928 3288        usbscan - ok

22:06:54.0990 3288        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:06:55.0037 3288        USBSTOR - ok

22:06:55.0178 3288        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

22:06:55.0209 3288        usbuhci - ok

22:06:55.0271 3288        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

22:06:55.0318 3288        usbvideo - ok

22:06:55.0365 3288        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

22:06:55.0427 3288        vga - ok

22:06:55.0474 3288        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

22:06:55.0536 3288        VgaSave - ok

22:06:55.0583 3288        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

22:06:55.0599 3288        viaagp - ok

22:06:55.0630 3288        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

22:06:55.0692 3288        ViaC7 - ok

22:06:55.0724 3288        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

22:06:55.0739 3288        viaide - ok

22:06:55.0786 3288        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

22:06:55.0802 3288        volmgr - ok

22:06:55.0880 3288        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

22:06:55.0895 3288        volmgrx - ok

22:06:55.0942 3288        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

22:06:55.0973 3288        volsnap - ok

22:06:56.0020 3288        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

22:06:56.0036 3288        vsmraid - ok

22:06:56.0129 3288        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

22:06:56.0207 3288        WacomPen - ok

22:06:56.0254 3288        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

22:06:56.0332 3288        Wanarp - ok

22:06:56.0379 3288        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

22:06:56.0410 3288        Wanarpv6 - ok

22:06:56.0488 3288        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

22:06:56.0504 3288        Wd - ok

22:06:56.0550 3288        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

22:06:56.0597 3288        Wdf01000 - ok

22:06:56.0722 3288        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

22:06:56.0769 3288        WmiAcpi - ok

22:06:56.0862 3288        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

22:06:56.0909 3288        WpdUsb - ok

22:06:56.0956 3288        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

22:06:56.0987 3288        ws2ifsl - ok

22:06:57.0081 3288        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:06:57.0128 3288        WUDFRd - ok

22:06:57.0206 3288        MBR (0x1B8)     (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0

22:06:57.0580 3288        \Device\Harddisk0\DR0 - ok

22:06:57.0611 3288        Boot (0x1200)   (64f45d84ca6c654c67545fd1ef4d0996) \Device\Harddisk0\DR0\Partition0

22:06:57.0627 3288        \Device\Harddisk0\DR0\Partition0 - ok

22:06:57.0642 3288        ============================================================

22:06:57.0642 3288        Scan finished

22:06:57.0642 3288        ============================================================

22:06:57.0674 2568        Detected object count: 1

22:06:57.0674 2568        Actual detected object count: 1

22:07:08.0406 2568        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

22:07:08.0406 2568        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

da isse

Code:

ComboFix 12-02-22.01 - xx 22.02.2012  11:49:57.1.1 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3001.1856 [GMT 1:00]

ausgeführt von:: c:\users\xx\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\xx\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif

c:\users\xx\Documents\~WRL0004.tmp

c:\users\xx\Documents\~WRL1896.tmp

c:\users\xx\Documents\~WRL2952.tmp

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))

.

.

2012-02-22 11:02 . 2012-02-22 11:02        --------        d-----w-        c:\users\xx\AppData\Local\temp

2012-02-22 11:02 . 2012-02-22 11:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-22 11:02 . 2012-02-22 11:02        --------        d-----w-        c:\users\xy\AppData\Local\temp

2012-02-21 20:32 . 2012-02-21 20:32        --------        d-----w-        C:\_OTL

2012-02-21 13:09 . 2012-02-21 13:09        --------        d-----w-        c:\program files\ESET

2012-02-20 16:16 . 2012-02-20 16:16        --------        d-----w-        c:\users\Public\Roaming

2012-02-20 16:16 . 2012-02-20 16:16        --------        d-----w-        c:\users\xx\Roaming

2012-02-20 16:16 . 2012-02-20 16:16        --------        d-----w-        c:\users\xx\AppData\Roaming\Intel

2012-02-20 16:16 . 2012-02-20 16:16        --------        d-----w-        c:\users\Default\Roaming

2012-02-20 16:16 . 2012-02-20 16:16        --------        d-----w-        c:\users\xy\Roaming

2012-02-20 16:14 . 2012-02-20 16:14        --------        d-----w-        c:\program files\Cisco

2012-02-20 16:14 . 2012-02-20 16:14        --------        d-----w-        c:\program files\Common Files\Intel

2012-02-20 16:14 . 2012-02-20 16:14        --------        d-----w-        c:\programdata\Intel

2012-02-20 14:25 . 2012-02-20 14:25        --------        d-----w-        c:\users\xx\AppData\Roaming\Malwarebytes

2012-02-20 14:24 . 2012-02-20 14:24        --------        d-----w-        c:\programdata\Malwarebytes

2012-02-20 14:24 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-20 14:24 . 2012-02-20 14:24        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-02-15 18:36 . 2012-02-20 16:04        45016        ----a-w-        c:\program files\Mozilla Firefox\mozutils.dll

2012-02-15 18:36 . 2012-02-15 18:36        626688        ----a-w-        c:\program files\Mozilla Firefox\msvcr80.dll

2012-02-15 18:36 . 2012-02-15 18:36        548864        ----a-w-        c:\program files\Mozilla Firefox\msvcp80.dll

2012-02-15 18:36 . 2012-02-15 18:36        479232        ----a-w-        c:\program files\Mozilla Firefox\msvcm80.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll

2012-02-20 16:04 . 2011-09-09 13:48        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-10-27 10:05        40496        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-01 249600]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]

"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-6-13 565248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^xx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]

2008-10-27 13:09        199464        ----a-w-        c:\program files\EgisTec Egis Software Update\EgisUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-09-04 23:42        136176        ----atw-        c:\users\xx\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-26 22:47        31016        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-14 20:17        49152        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 15:31        80896        ----a-w-        c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 23:07        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2009-04-09 00:56        1071624        ----a-w-        c:\program files\Launch Manager\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-01-13 13:53        460872        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]

2008-10-27 10:05        346672        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]

2011-04-28 07:59        220552        ----a-w-        c:\program files\PDF24\pdf24.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2009-04-11 04:11        1833504        ----a-w-        c:\program files\Realtek\Audio\HDA\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 16:50]

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 16:50]

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752085062-1975141627-2355531261-1000Core.job

- c:\users\xx\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 23:42]

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752085062-1975141627-2355531261-1000UA.job

- c:\users\xx\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 23:42]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

mStart Page = 

mLocal Page = 

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to MP3 Converter - c:\users\xx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\eyvlmz8i.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.de

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-F A T - c:\windows\unin0407.exe

AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-02-22 12:02

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-02-22  12:07:05

ComboFix-quarantined-files.txt  2012-02-22 11:07

.

Vor Suchlauf: 13 Verzeichnis(se), 102.980.698.112 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 102.922.088.448 Bytes frei

.

- - End Of File - - 34D3CCD10C55FA7D1D419FBAE5C7D474

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

hier die gmer log

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-02-22 16:46:57

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0

Running: kotlyulg.exe; Driver: C:\Users\xx\AppData\Local\Temp\uglirfog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            810244A4                                                                                                                                     ZwCreateThread

SSDT            81024490                                                                                                                                     ZwOpenProcess

SSDT            81024495                                                                                                                                     ZwOpenThread

SSDT            8102449F                                                                                                                                     ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                                822F69A4 4 Bytes  [A4, 44, 02, 81]

.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                                822F6B74 4 Bytes  [90, 44, 02, 81]

.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                                822F6B90 4 Bytes  [95, 44, 02, 81]

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                                822F6DA4 4 Bytes  [9F, 44, 02, 81]

?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                   Das System kann die angegebene Datei nicht finden. !

?               C:\Users\xx\AppData\Local\Temp\catchme.sys                                                                                              Das System kann die angegebene Datei nicht finden. !
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Windows\explorer.exe[2536] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                                                   7671B37C 4 Bytes  [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL}
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[644] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [019B1210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                                        [74967817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                                         [749BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                                     [7496BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                                               [7495F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                                         [749675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                                      [7495E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                          [74998395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                                             [7496DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                                                     [7495FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                                                      [7495FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                                                       [749571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                                               [749ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                                                  [7498C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                                     [7495D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                                               [74956853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                                              [7495687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                                 [74962AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                  [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                      [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                [100027D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)

IAT             C:\Windows\explorer.exe[2536] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                  [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

die anderen folgen...