Trojaner-Board

Source: https://www.trojaner-board.de/111019-windows-aufgrund-massiven-sicherheitsluecken-gesperrt-50-a.html (forum section: Log-Analyse und Auswertung)

Adora 06.03.2012 16:33

Windows locked because of massive security vulnerabilities! 50€
 
Hello,

For a few days now I have had the problem that my computer suddenly shows a black screen with a large red text box. Supposedly Windows has a massive security problem, and for 50€ it could be fixed.
I then came across this site and browsed around a bit to see how this problem might be solved. As described in most threads, I downloaded the program OTL by OldTimer and ran it as described.

Here are the two files that OTL spat out:

cosinus 07.03.2012 00:50

If possible do this in normal mode, otherwise in Safe Mode with Networking:

Now please run a full scan with Malwarebytes as a routine step and post the log.
Remember that Malwarebytes must be updated manually before every scan! All detections must also be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Adora 07.03.2012 14:12

So, everything done as described.

Here is the log.txt from Malwarebytes

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Dadudu :: DADUDU-PC [Administrator]

07.03.2012 12:05:30
mbam-log-2012-03-07 (12-05-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329296
Time elapsed: 1 hour(s), 2 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.Agent) -> Data: C:\Users\Dadudu\AppData\Local\Mozilla\Firefox\firefox.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Dadudu\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSACB.exe (Adware.HotBar.Gen) -> Quarantined and deleted successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSAHook.dll (Adware.HotBar.RB) -> Quarantined and deleted successfully.

(end)


and here is the one from the ESET scan

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


cosinus 07.03.2012 14:51

With ESET you ignored this => Note for Vista and Win7 users: please open the browser exactly like this: right-click => Run as administrator

Please run it the way it says there

Adora 07.03.2012 15:58

Ohh, sorry.

Here it is again:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5a83f05768e8c542adf845ad44f3bf58
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-07 02:55:26
# local_time=2012-03-07 03:55:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 239822 239822 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 88597 168661738 0 0
# compatibility_mode=8192 67108863 100 0 10143 10143 0 0
# scanned=162787
# found=1
# cleaned=0
# scan_time=3116
D:\World of Warcraft\Interface\AddOns\Aquastop\wowpfb Lunchpad.exe        Win32/Packed.Autoit.E.Gen application (unable to clean)        00000000000000000000000000000000        I


cosinus 07.03.2012 16:04

Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Adora 07.03.2012 16:20

OTL Logfile:
Code:

OTL logfile created on: 07.03.2012 16:09:53 - Run 2
OTL by OldTimer - Version 3.2.35.1    Folder = C:\Users\Dadudu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,52% Memory free
6,71 Gb Paging File | 5,62 Gb Available in Paging File | 83,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,76 Gb Total Space | 343,53 Gb Free Space | 75,71% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 400,20 Gb Free Space | 85,92% Space Free | Partition Type: NTFS
Drive K: | 999,70 Mb Total Space | 764,11 Mb Free Space | 76,43% Space Free | Partition Type: FAT
 
Computer Name: DADUDU-PC | User Name: Dadudu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.06 15:04:08 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Dadudu\Desktop\OTL.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.03 09:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 09:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009.12.03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.02.04 11:13:36 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.01.18 13:03:10 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\FIJI\AOSD.exe
PRC - [2007.01.18 13:03:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\FIJI\ABoard.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (UPnPService)
SRV - File not found [On_Demand | Stopped] --  -- (stllssvr)
SRV - File not found [On_Demand | Stopped] --  -- (Sony Ericsson PCCompanion)
SRV - File not found [On_Demand | Stopped] --  -- (LBTServ)
SRV - File not found [On_Demand | Stopped] --  -- (IDriverT)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (SSMO3v2Filter)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (azxjx851)
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.29 11:24:15 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.06.29 11:24:15 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.11.25 06:59:16 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.11.23 16:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 16:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.03.27 23:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.04 20:04:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 02:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 02:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.11.08 00:52:10 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007.09.11 14:19:20 | 000,123,424 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.09.11 14:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.09.10 19:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.09.04 18:08:24 | 000,286,208 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.packardbell.com/?id=9262
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PBEA
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.26
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Dadudu\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.07 14:59:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008.09.27 21:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dadudu\AppData\Roaming\mozilla\Extensions
[2012.02.11 18:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions
[2012.01.05 13:14:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.06 00:53:20 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com
[2012.01.25 23:55:46 | 000,000,933 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\11-suche.xml
[2012.01.25 23:55:46 | 000,002,419 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\englische-ergebnisse.xml
[2012.01.25 23:55:46 | 000,010,525 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\gmx-suche.xml
[2012.03.07 15:01:44 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-1.xml
[2011.07.18 11:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-2.xml
[2011.08.24 08:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-3.xml
[2011.10.05 19:02:42 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-4.xml
[2011.11.08 18:38:22 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-5.xml
[2011.11.15 23:24:34 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-6.xml
[2011.11.29 15:34:30 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-7.xml
[2011.12.10 21:23:01 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-8.xml
[2012.03.07 14:59:34 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-9.xml
[2011.07.04 07:07:47 | 000,001,056 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin.xml
[2012.01.25 23:55:46 | 000,002,457 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\lastminute.xml
[2012.01.25 23:55:46 | 000,005,508 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\webde-suche.xml
[2012.03.07 14:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Dadudu\AppData\Roaming\toolplugin\toolbar.dll File not found
O4 - HKLM..\Run: [ACTIVBOARD] C:\Program Files\Packard Bell\FIJI\aboard.exe (Packard Bell BV)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [BLASC] "C:\Program Files\buffed\BLASC.exe" silent File not found
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [EPSON BX305 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background File not found
O7 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36C3D9FD-44CE-4997-8272-C0314F3AE469}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Wallpaper Galactic_1900x1440.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Packard Bell\Wallpaper\Wallpaper Galactic_1900x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\Shell - "" = AutoRun
O33 - MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\Shell\AutoRun\command - "" = L:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 15:02:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Dadudu\Desktop\esetsmartinstaller_enu.exe
[2012.03.07 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.03.07 13:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.07 12:04:50 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Roaming\Malwarebytes
[2012.03.07 12:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.07 12:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.07 12:04:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.07 12:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.07 11:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.03.06 17:16:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.06 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.06 15:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.06 15:15:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.06 15:14:21 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\Desktop\text
[2012.03.06 15:14:14 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Dadudu\Desktop\OTL.exe
[2012.03.06 14:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.03.06 14:33:14 | 000,000,000 | R--D | C] -- C:\Users\Dadudu\Favorites
[2012.03.05 10:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\RIFT Game
[2012.03.04 21:27:12 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Roaming\Avira
[2012.03.04 21:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.04 21:26:29 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.03.04 21:26:29 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.03.04 21:26:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.03.04 21:26:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.03.04 21:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.04 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.04 20:34:32 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\Tracing
[2012.03.04 20:34:12 | 000,000,000 | R--D | C] -- C:\Users\Dadudu\Desktop
[2012.02.07 01:21:27 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Local\Babylon
[2012.02.07 01:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Roaming\Babylon
[2012.02.07 01:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.07 01:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Local\RavenBleuSA
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 16:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-Dadudu.job
[2012.03.07 16:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-Dadudu.job
[2012.03.07 15:10:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 15:10:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 15:02:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Dadudu\Desktop\esetsmartinstaller_enu.exe
[2012.03.07 14:59:16 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.07 13:17:05 | 000,670,924 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.07 13:17:05 | 000,631,654 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.07 13:17:05 | 000,144,092 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.07 13:17:05 | 000,118,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.07 13:10:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 12:04:11 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.07 12:00:27 | 000,313,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.07 11:56:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.03.06 15:34:29 | 000,000,839 | ---- | M] () -- C:\Users\Dadudu\Desktop\riftpatchlive - Verknüpfung.lnk
[2012.03.06 15:31:56 | 000,000,680 | ---- | M] () -- C:\Users\Dadudu\AppData\Local\d3d9caps.dat
[2012.03.06 15:04:08 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Dadudu\Desktop\OTL.exe
[2012.03.04 21:26:36 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.04 21:21:32 | 087,227,952 | ---- | M] () -- C:\Users\Dadudu\Desktop\avira_free_antivirus_898de.exe
[2012.02.29 15:03:27 | 000,007,168 | ---- | M] () -- C:\Users\Dadudu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.03.07 14:59:16 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.07 12:04:11 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.07 11:56:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.03.06 15:34:29 | 000,000,839 | ---- | C] () -- C:\Users\Dadudu\Desktop\riftpatchlive - Verknüpfung.lnk
[2012.03.06 15:31:56 | 000,000,680 | ---- | C] () -- C:\Users\Dadudu\AppData\Local\d3d9caps.dat
[2012.03.04 21:26:36 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.03.04 21:25:47 | 087,227,952 | ---- | C] () -- C:\Users\Dadudu\Desktop\avira_free_antivirus_898de.exe
[2011.08.24 17:15:08 | 000,007,168 | ---- | C] () -- C:\Users\Dadudu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.26 22:21:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.14 19:35:19 | 000,000,760 | ---- | C] () -- C:\Users\Dadudu\AppData\Roaming\setup_ldm.iss
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
 
========== LOP Check ==========
 
[2009.01.16 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Acreon
[2012.02.07 01:21:25 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Babylon
[2008.10.04 20:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\DAEMON Tools
[2011.11.23 11:27:33 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Epson
[2011.11.08 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\FOG Downloader
[2008.10.10 13:06:24 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Leadertech
[2009.05.19 08:29:28 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\MAGIX
[2010.01.28 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Mumble
[2010.05.13 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\ooVoo Details
[2008.10.29 09:14:57 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\OpenOffice.org
[2011.03.30 17:05:41 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\RayV
[2011.08.10 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\RIFT
[2012.03.06 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\SteelSeries
[2011.11.16 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Thunderbird
[2012.03.04 22:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\toolplugin
[2011.11.22 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\TS3Client
[2012.03.07 16:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-Dadudu.job
[2012.03.07 16:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-Dadudu.job
[2012.03.07 13:08:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.01.16 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Acreon
[2008.11.27 17:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Adobe
[2012.03.04 21:27:12 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Avira
[2012.02.07 01:21:25 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Babylon
[2008.10.04 20:03:38 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\DAEMON Tools
[2011.09.14 03:24:56 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\DivX
[2011.11.23 11:27:33 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Epson
[2011.11.08 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\FOG Downloader
[2008.09.28 03:30:36 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Google
[2008.09.27 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Identities
[2008.10.10 13:04:34 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\InstallShield
[2008.12.03 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Ipswitch
[2008.10.10 13:06:24 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Leadertech
[2008.10.10 13:07:00 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Logitech
[2008.09.27 20:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Macromedia
[2009.05.19 08:29:28 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\MAGIX
[2012.03.07 12:04:50 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Media Center Programs
[2011.07.05 17:53:47 | 000,000,000 | --SD | M] -- C:\Users\Dadudu\AppData\Roaming\Microsoft
[2010.04.24 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Move Networks
[2008.09.27 21:02:01 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Mozilla
[2010.01.28 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Mumble
[2010.05.13 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\ooVoo Details
[2008.10.29 09:14:57 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\OpenOffice.org
[2011.03.30 17:05:41 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\RayV
[2011.08.10 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\RIFT
[2008.10.05 07:20:32 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Roxio
[2012.03.06 14:32:51 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Skype
[2011.05.26 22:20:49 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\skypePM
[2012.03.06 14:35:51 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\SteelSeries
[2010.03.02 21:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\teamspeak2
[2011.11.16 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Thunderbird
[2012.03.04 22:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\toolplugin
[2011.11.22 18:02:09 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\TS3Client
[2009.08.08 10:52:38 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Ventrilo
[2008.12.07 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\vlc
[2008.10.05 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\WinRAR
[2008.12.16 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\Dadudu\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.01.16 23:33:23 | 000,272,384 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
[2010.04.24 21:01:52 | 000,144,053 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 20:31:38 | 000,097,216 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.09.11 14:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=8FFB327669B980549BD318D939A34F9B -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sata_ide\nvstor32.sys
[2007.09.11 14:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=8FFB327669B980549BD318D939A34F9B -- C:\Windows\System32\drivers\nvstor32.sys
[2007.09.11 14:19:16 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=8FFB327669B980549BD318D939A34F9B -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_4b699c67\nvstor32.sys
[2007.09.11 14:19:18 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=AFD01721DC3297E6715C5F472DD8BCCD -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sataraid\nvstor32.sys
[2007.09.11 14:19:18 | 000,114,208 | ---- | M] (NVIDIA Corporation) MD5=AFD01721DC3297E6715C5F472DD8BCCD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_8225a48e\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.10.04 20:04:08 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---
[/code]
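The `< MD5 for: ... >` custom scans in the log above exist so the analyst can compare the live copy of each protected system file under System32 with the reference copies Windows keeps in winsxs and the DriverStore; a live copy whose hash matches none of them is the classic sign of a patched file (in this log every live copy matches, and user32.dll simply could not be read while in use). The Python script below automates that comparison. It is an added example, not part of the original post or of OTL; the sample input reuses lines from the log above plus one deliberately altered USERINIT.EXE hash, marked as constructed, so that the alert path is exercised.

```python
"""Triage the '< MD5 for: ... >' custom-scan sections of an OTL log.

Added example, not part of the original post or of OTL. The live copy of a
protected file under \\Windows\\System32 should hash identically to one of the
reference copies Windows keeps in winsxs or the DriverStore; a live copy whose
hash matches no reference copy is a candidate patched or infected file.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) "
    r"-- (?P<path>.+?)\s*$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry dicts]} for every '< MD5 for: >' section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).upper()
            continue
        if not line or line.startswith("<"):
            current = None      # blank line or the next custom-scan header ends the section
            continue
        entry = ENTRY_RE.match(line)
        if current is not None and entry:
            d = entry.groupdict()
            d["md5"] = d["md5"].upper() if d["md5"] else None   # None: OTL could not read the file
            sections[current].append(d)
    return dict(sections)


def _location(path):
    """Classify a copy: component-store 'reference', 'live' system copy, or 'other'."""
    low = path.lower()
    if "\\winsxs\\" in low or "\\driverstore\\" in low:
        return "reference"
    if "\\windows\\system32\\" in low:
        return "live"
    return "other"


def triage(sections):
    """Return (filename, level, path, message) findings, one per non-reference copy."""
    findings = []
    for name, entries in sorted(sections.items()):
        ref_hashes = {e["md5"] for e in entries
                      if _location(e["path"]) == "reference" and e["md5"]}
        for e in entries:
            loc = _location(e["path"])
            if loc == "reference":
                continue
            if loc == "other":
                findings.append((name, "INFO", e["path"],
                                 f"copy outside the Windows directories (company: {e['company'] or 'none'})"))
            elif e["md5"] is None:
                findings.append((name, "WARN", e["path"],
                                 "OTL could not hash the in-use copy; verify with another tool"))
            elif not ref_hashes:
                findings.append((name, "WARN", e["path"],
                                 "no component-store copy to compare against"))
            elif e["md5"] not in ref_hashes:
                findings.append((name, "ALERT", e["path"],
                                 "hash matches no component-store copy: possible patched file"))
            else:
                findings.append((name, "OK", e["path"],
                                 f"matches a reference copy (MD5 {e['md5']})"))
    return findings


# Lines copied from the log above, plus one CONSTRUCTED USERINIT.EXE section in
# which the live copy's hash was replaced by FFFF... to exercise the ALERT path.
# That altered line is synthetic and is not what the log reports for this machine.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
"""

if __name__ == "__main__":
    for name, level, path, msg in triage(parse_md5_sections(SAMPLE_LOG)):
        print(f"{level:5} {name:14} {path}\n      {msg}")
```

On the real log the script reports OK for every live copy, one WARN for user32.dll, and an INFO for the Malwarebytes Chameleon winlogon.exe (a renamed copy of Malwarebytes' own binary, outside the Windows directories, which is why it is informational rather than an alert); only the constructed USERINIT.EXE line produces an ALERT.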

cosinus 07.03.2012 20:42

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (azxjx851)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9262
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PBEA
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2012.01.05 13:14:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.06 00:53:20 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com
[2012.01.25 23:55:46 | 000,000,933 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\11-suche.xml
[2012.01.25 23:55:46 | 000,002,419 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\englische-ergebnisse.xml
[2012.01.25 23:55:46 | 000,010,525 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\gmx-suche.xml
[2012.03.07 15:01:44 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-1.xml
[2011.07.18 11:35:15 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-2.xml
[2011.08.24 08:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-3.xml
[2011.10.05 19:02:42 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-4.xml
[2011.11.08 18:38:22 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-5.xml
[2011.11.15 23:24:34 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-6.xml
[2011.11.29 15:34:30 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-7.xml
[2011.12.10 21:23:01 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-8.xml
[2012.03.07 14:59:34 | 000,000,950 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-9.xml
[2011.07.04 07:07:47 | 000,001,056 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin.xml
[2012.01.25 23:55:46 | 000,002,457 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\lastminute.xml
[2012.01.25 23:55:46 | 000,005,508 | ---- | M] () -- C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\webde-suche.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-2528158178-3138933754-1184238012-1000..\Run: [BLASC] "C:\Program Files\buffed\BLASC.exe" silent File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\Shell - "" = AutoRun
O33 - MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\Shell\AutoRun\command - "" = L:\Startme.exe
[2012.03.04 20:34:12 | 000,000,000 | R--D | C] -- C:\Users\Dadudu\Desktop
[2012.02.07 01:21:27 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Local\Babylon
[2012.02.07 01:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Roaming\Babylon
[2012.02.07 01:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.07 01:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dadudu\AppData\Local\RavenBleuSA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Adora 07.03.2012 20:52

Code:

All processes killed
========== OTL ==========
Error: No service named azxjx851 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\azxjx851 deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2528158178-3138933754-1184238012-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\Dadudu\AppData\Roaming\Mozilla\FireFox\Profiles\4z5896wz.default\user.js moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com\chrome\content folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com\chrome folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\mozilla\Firefox\Profiles\4z5896wz.default\extensions\welcome@toolmin.com folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\lastminute.xml moved successfully.
C:\Users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\searchplugins\webde-suche.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2528158178-3138933754-1184238012-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BLASC deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fad5383-a220-11e0-beb0-a521a5e966e0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fad5383-a220-11e0-beb0-a521a5e966e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fad5383-a220-11e0-beb0-a521a5e966e0}\ not found.
File L:\Startme.exe not found.
C:\Users\Dadudu\Desktop folder moved successfully.
C:\Users\Dadudu\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Dadudu\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Dadudu\AppData\Local\Babylon folder moved successfully.
C:\Users\Dadudu\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA\data folder moved successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA\bin\1.0.11.0 folder moved successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA\bin folder moved successfully.
C:\Users\Dadudu\AppData\Local\RavenBleuSA folder moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Dadudu
->Temp folder emptied: 3045 bytes
->Temporary Internet Files folder emptied: 39378971 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50883185 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37200968 bytes
RecycleBin emptied: 169172 bytes
 
Total Files Cleaned = 122,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03072012_204642

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 07.03.2012 23:25

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Adora 08.03.2012 00:39

Code:

00:36:36.0159 2688        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
00:36:36.0393 2688        ============================================================
00:36:36.0393 2688        Current date / time: 2012/03/08 00:36:36.0393
00:36:36.0393 2688        SystemInfo:
00:36:36.0393 2688       
00:36:36.0393 2688        OS Version: 6.0.6002 ServicePack: 2.0
00:36:36.0393 2688        Product type: Workstation
00:36:36.0393 2688        ComputerName: DADUDU-PC
00:36:36.0393 2688        UserName: Dadudu
00:36:36.0393 2688        Windows directory: C:\Windows
00:36:36.0393 2688        System windows directory: C:\Windows
00:36:36.0393 2688        Processor architecture: Intel x86
00:36:36.0393 2688        Number of processors: 4
00:36:36.0393 2688        Page size: 0x1000
00:36:36.0393 2688        Boot type: Normal boot
00:36:36.0393 2688        ============================================================
00:36:36.0737 2688        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:36:36.0752 2688        Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:36:36.0799 2688        \Device\Harddisk0\DR0:
00:36:36.0799 2688        MBR used
00:36:36.0799 2688        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x38B838D1
00:36:36.0799 2688        \Device\Harddisk1\DR1:
00:36:36.0815 2688        MBR used
00:36:36.0815 2688        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
00:36:36.0908 2688        Initialize success
00:36:36.0908 2688        ============================================================
00:36:42.0337 0744        ============================================================
00:36:42.0337 0744        Scan started
00:36:42.0337 0744        Mode: Manual; SigCheck; TDLFS;
00:36:42.0337 0744        ============================================================
00:36:42.0992 0744        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:36:43.0101 0744        ACPI - ok
00:36:43.0413 0744        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:36:43.0507 0744        adp94xx - ok
00:36:43.0601 0744        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:36:43.0616 0744        adpahci - ok
00:36:43.0694 0744        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:36:43.0710 0744        adpu160m - ok
00:36:43.0819 0744        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:36:43.0835 0744        adpu320 - ok
00:36:43.0928 0744        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:36:43.0991 0744        AFD - ok
00:36:44.0318 0744        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:36:44.0318 0744        agp440 - ok
00:36:44.0583 0744        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:36:44.0599 0744        aic78xx - ok
00:36:44.0677 0744        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:36:44.0693 0744        aliide - ok
00:36:44.0755 0744        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:36:44.0755 0744        amdagp - ok
00:36:44.0989 0744        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:36:45.0005 0744        amdide - ok
00:36:45.0051 0744        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:36:45.0176 0744        AmdK7 - ok
00:36:45.0410 0744        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:36:45.0457 0744        AmdK8 - ok
00:36:45.0535 0744        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:36:45.0535 0744        arc - ok
00:36:45.0597 0744        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:36:45.0613 0744        arcsas - ok
00:36:45.0691 0744        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:36:45.0753 0744        AsyncMac - ok
00:36:45.0972 0744        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:36:45.0987 0744        atapi - ok
00:36:46.0050 0744        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
00:36:46.0097 0744        avgntflt - ok
00:36:46.0315 0744        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
00:36:46.0331 0744        avipbb - ok
00:36:46.0377 0744        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
00:36:46.0393 0744        avkmgr - ok
00:36:46.0471 0744        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:36:46.0518 0744        Beep - ok
00:36:46.0580 0744        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:36:46.0627 0744        blbdrive - ok
00:36:46.0705 0744        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:36:46.0767 0744        bowser - ok
00:36:46.0830 0744        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:36:46.0877 0744        BrFiltLo - ok
00:36:46.0923 0744        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:36:46.0970 0744        BrFiltUp - ok
00:36:47.0033 0744        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:36:47.0173 0744        Brserid - ok
00:36:47.0235 0744        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:36:47.0313 0744        BrSerWdm - ok
00:36:47.0454 0744        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:36:47.0547 0744        BrUsbMdm - ok
00:36:47.0797 0744        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:36:47.0891 0744        BrUsbSer - ok
00:36:48.0171 0744        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:36:48.0218 0744        BTHMODEM - ok
00:36:48.0281 0744        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:36:48.0343 0744        cdfs - ok
00:36:48.0390 0744        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:36:48.0421 0744        cdrom - ok
00:36:48.0468 0744        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:36:48.0515 0744        circlass - ok
00:36:48.0827 0744        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:36:48.0842 0744        CLFS - ok
00:36:49.0014 0744        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:36:49.0029 0744        cmdide - ok
00:36:49.0217 0744        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
00:36:49.0232 0744        Compbatt - ok
00:36:49.0482 0744        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:36:49.0482 0744        crcdisk - ok
00:36:49.0685 0744        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:36:49.0731 0744        Crusoe - ok
00:36:50.0137 0744        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:36:50.0184 0744        DfsC - ok
00:36:50.0262 0744        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:36:50.0277 0744        disk - ok
00:36:50.0324 0744        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:36:50.0355 0744        drmkaud - ok
00:36:50.0543 0744        DXGKrnl        (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
00:36:50.0636 0744        DXGKrnl - ok
00:36:50.0823 0744        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:36:50.0886 0744        E1G60 - ok
00:36:51.0260 0744        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:36:51.0276 0744        Ecache - ok
00:36:51.0432 0744        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:36:51.0463 0744        elxstor - ok
00:36:51.0588 0744        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:36:51.0635 0744        ErrDev - ok
00:36:51.0713 0744        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:36:51.0744 0744        exfat - ok
00:36:51.0791 0744        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:36:51.0853 0744        fastfat - ok
00:36:51.0978 0744        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:36:52.0040 0744        fdc - ok
00:36:52.0087 0744        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:36:52.0087 0744        FileInfo - ok
00:36:52.0337 0744        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:36:52.0383 0744        Filetrace - ok
00:36:52.0539 0744        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:36:52.0602 0744        flpydisk - ok
00:36:52.0945 0744        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:36:52.0961 0744        FltMgr - ok
00:36:53.0039 0744        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:36:53.0070 0744        Fs_Rec - ok
00:36:53.0117 0744        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:36:53.0132 0744        gagp30kx - ok
00:36:53.0195 0744        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
00:36:53.0195 0744        ggflt - ok
00:36:53.0257 0744        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
00:36:53.0257 0744        ggsemc - ok
00:36:53.0319 0744        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
00:36:53.0382 0744        HdAudAddService - ok
00:36:53.0429 0744        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:36:53.0491 0744        HDAudBus - ok
00:36:53.0522 0744        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:36:53.0585 0744        HidBth - ok
00:36:53.0725 0744        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:36:53.0787 0744        HidIr - ok
00:36:53.0881 0744        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:36:53.0928 0744        HidUsb - ok
00:36:54.0177 0744        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:36:54.0193 0744        HpCISSs - ok
00:36:54.0287 0744        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:36:54.0349 0744        HTTP - ok
00:36:54.0443 0744        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:36:54.0458 0744        i2omp - ok
00:36:54.0599 0744        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:36:54.0661 0744        i8042prt - ok
00:36:54.0708 0744        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:36:54.0723 0744        iaStorV - ok
00:36:54.0786 0744        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:36:54.0801 0744        iirsp - ok
00:36:55.0347 0744        IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys
00:36:55.0410 0744        IntcAzAudAddService - ok
00:36:55.0535 0744        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:36:55.0535 0744        intelide - ok
00:36:55.0644 0744        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:36:55.0691 0744        intelppm - ok
00:36:55.0753 0744        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:36:55.0800 0744        IpFilterDriver - ok
00:36:55.0956 0744        IpInIp - ok
00:36:56.0159 0744        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:36:56.0205 0744        IPMIDRV - ok
00:36:56.0283 0744        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:36:56.0330 0744        IPNAT - ok
00:36:56.0549 0744        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:36:56.0595 0744        IRENUM - ok
00:36:56.0705 0744        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:36:56.0705 0744        isapnp - ok
00:36:56.0767 0744        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:36:56.0783 0744        iScsiPrt - ok
00:36:57.0001 0744        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:36:57.0001 0744        iteatapi - ok
00:36:57.0235 0744        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:36:57.0251 0744        iteraid - ok
00:36:57.0531 0744        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:36:57.0547 0744        kbdclass - ok
00:36:57.0999 0744        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:36:58.0046 0744        kbdhid - ok
00:36:58.0499 0744        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
00:36:58.0530 0744        KSecDD - ok
00:36:58.0655 0744        L8042mou        (d6fc755ff505d99e6cc73e83492310df) C:\Windows\system32\DRIVERS\L8042mou.Sys
00:36:58.0670 0744        L8042mou - ok
00:36:58.0811 0744        LGBusEnum      (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
00:36:58.0826 0744        LGBusEnum - ok
00:36:58.0873 0744        LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
00:36:58.0889 0744        LGVirHid - ok
00:36:58.0951 0744        LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:36:58.0967 0744        LHidFilt - ok
00:36:59.0357 0744        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:36:59.0403 0744        lltdio - ok
00:36:59.0715 0744        LMouFilt        (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:36:59.0731 0744        LMouFilt - ok
00:36:59.0762 0744        LMouKE          (c149bdad13194df16ea33f9f601ed7bf) C:\Windows\system32\DRIVERS\LMouKE.Sys
00:36:59.0778 0744        LMouKE - ok
00:36:59.0825 0744        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:36:59.0840 0744        LSI_FC - ok
00:37:00.0027 0744        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:37:00.0043 0744        LSI_SAS - ok
00:37:00.0339 0744        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:37:00.0355 0744        LSI_SCSI - ok
00:37:00.0683 0744        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:37:00.0714 0744        luafv - ok
00:37:00.0839 0744        LUsbFilt        (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
00:37:00.0839 0744        LUsbFilt - ok
00:37:00.0917 0744        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:37:00.0917 0744        megasas - ok
00:37:01.0166 0744        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:37:01.0213 0744        MegaSR - ok
00:37:01.0603 0744        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:37:01.0665 0744        Modem - ok
00:37:01.0806 0744        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:37:01.0853 0744        monitor - ok
00:37:01.0868 0744        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:37:01.0884 0744        mouclass - ok
00:37:02.0289 0744        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:37:02.0352 0744        mouhid - ok
00:37:02.0679 0744        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:37:02.0695 0744        MountMgr - ok
00:37:03.0163 0744        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:37:03.0163 0744        mpio - ok
00:37:03.0459 0744        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:37:03.0506 0744        mpsdrv - ok
00:37:03.0912 0744        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:37:03.0927 0744        Mraid35x - ok
00:37:04.0239 0744        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:37:04.0302 0744        MRxDAV - ok
00:37:04.0333 0744        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:37:04.0395 0744        mrxsmb - ok
00:37:04.0676 0744        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:37:04.0723 0744        mrxsmb10 - ok
00:37:04.0879 0744        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:37:04.0910 0744        mrxsmb20 - ok
00:37:05.0207 0744        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
00:37:05.0222 0744        msahci - ok
00:37:05.0472 0744        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:37:05.0487 0744        msdsm - ok
00:37:05.0690 0744        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:37:05.0737 0744        Msfs - ok
00:37:05.0799 0744        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:37:05.0815 0744        msisadrv - ok
00:37:05.0893 0744        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:37:05.0940 0744        MSKSSRV - ok
00:37:06.0049 0744        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:37:06.0080 0744        MSPCLOCK - ok
00:37:06.0221 0744        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:37:06.0267 0744        MSPQM - ok
00:37:06.0330 0744        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:37:06.0345 0744        MsRPC - ok
00:37:06.0486 0744        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:37:06.0501 0744        mssmbios - ok
00:37:06.0579 0744        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:37:06.0626 0744        MSTEE - ok
00:37:06.0767 0744        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:37:06.0782 0744        Mup - ok
00:37:06.0876 0744        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:37:06.0907 0744        NativeWifiP - ok
00:37:07.0079 0744        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:37:07.0094 0744        NDIS - ok
00:37:07.0157 0744        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:37:07.0188 0744        NdisTapi - ok
00:37:07.0266 0744        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:37:07.0297 0744        Ndisuio - ok
00:37:07.0469 0744        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:37:07.0515 0744        NdisWan - ok
00:37:07.0593 0744        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:37:07.0640 0744        NDProxy - ok
00:37:07.0703 0744        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:37:07.0749 0744        NetBIOS - ok
00:37:07.0827 0744        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:37:07.0859 0744        netbt - ok
00:37:08.0030 0744        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:37:08.0046 0744        nfrd960 - ok
00:37:08.0217 0744        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:37:08.0264 0744        Npfs - ok
00:37:08.0498 0744        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:37:08.0561 0744        nsiproxy - ok
00:37:08.0919 0744        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:37:08.0966 0744        Ntfs - ok
00:37:09.0044 0744        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:37:09.0122 0744        ntrigdigi - ok
00:37:09.0341 0744        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:37:09.0387 0744        Null - ok
00:37:09.0684 0744        NVENETFD        (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
00:37:09.0715 0744        NVENETFD - ok
00:37:10.0448 0744        nvlddmkm        (484844c0d892b42ecc5e6b063d072a38) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:37:10.0698 0744        nvlddmkm - ok
00:37:10.0776 0744        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:37:10.0791 0744        nvraid - ok
00:37:10.0916 0744        nvrd32          (f2abab0c99237ce4e97478af2e0438a0) C:\Windows\system32\drivers\nvrd32.sys
00:37:10.0932 0744        nvrd32 - ok
00:37:10.0963 0744        nvsmu          (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\drivers\nvsmu.sys
00:37:10.0979 0744        nvsmu - ok
00:37:10.0994 0744        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:37:11.0010 0744        nvstor - ok
00:37:11.0041 0744        nvstor32        (8ffb327669b980549bd318d939a34f9b) C:\Windows\system32\drivers\nvstor32.sys
00:37:11.0057 0744        nvstor32 - ok
00:37:11.0135 0744        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:37:11.0150 0744        nv_agp - ok
00:37:11.0213 0744        NwlnkFlt - ok
00:37:11.0306 0744        NwlnkFwd - ok
00:37:11.0369 0744        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:37:11.0431 0744        ohci1394 - ok
00:37:11.0493 0744        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:37:11.0571 0744        Parport - ok
00:37:11.0774 0744        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:37:11.0790 0744        partmgr - ok
00:37:11.0837 0744        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:37:11.0899 0744        Parvdm - ok
00:37:12.0149 0744        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:37:12.0164 0744        pci - ok
00:37:12.0227 0744        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:37:12.0242 0744        pciide - ok
00:37:12.0305 0744        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:37:12.0320 0744        pcmcia - ok
00:37:12.0398 0744        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:37:12.0507 0744        PEAUTH - ok
00:37:13.0038 0744        PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
00:37:13.0303 0744        PID_PEPI - ok
00:37:13.0521 0744        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:37:13.0553 0744        PptpMiniport - ok
00:37:13.0662 0744        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:37:13.0709 0744        Processor - ok
00:37:13.0802 0744        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:37:13.0849 0744        PSched - ok
00:37:13.0911 0744        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
00:37:13.0927 0744        PxHelp20 - ok
00:37:14.0052 0744        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:37:14.0145 0744        ql2300 - ok
00:37:14.0192 0744        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:37:14.0192 0744        ql40xx - ok
00:37:14.0255 0744        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:37:14.0286 0744        QWAVEdrv - ok
00:37:14.0348 0744        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:37:14.0395 0744        RasAcd - ok
00:37:14.0426 0744        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:37:14.0489 0744        Rasl2tp - ok
00:37:14.0598 0744        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:37:14.0629 0744        RasPppoe - ok
00:37:14.0769 0744        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:37:14.0785 0744        RasSstp - ok
00:37:14.0957 0744        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:37:15.0003 0744        rdbss - ok
00:37:15.0066 0744        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:37:15.0113 0744        RDPCDD - ok
00:37:15.0269 0744        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:37:15.0300 0744        rdpdr - ok
00:37:15.0456 0744        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:37:15.0487 0744        RDPENCDD - ok
00:37:15.0643 0744        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:37:15.0690 0744        RDPWD - ok
00:37:15.0877 0744        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:37:15.0908 0744        rspndr - ok
00:37:16.0080 0744        RTL8187B        (900c2b5f473eba0f1997f7d2d80e2ad5) C:\Windows\system32\DRIVERS\RTL8187B.sys
00:37:16.0127 0744        RTL8187B - ok
00:37:16.0283 0744        RTL8192su      (0797877413d3225700d94488f06273a8) C:\Windows\system32\DRIVERS\RTL8192su.sys
00:37:16.0314 0744        RTL8192su - ok
00:37:16.0657 0744        RxFilter        (9235d02fabbd1deee6b7adb0a0a23300) C:\Windows\system32\DRIVERS\RxFilter.sys
00:37:16.0673 0744        RxFilter - ok
00:37:16.0860 0744        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:37:16.0875 0744        sbp2port - ok
00:37:16.0969 0744        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:37:17.0047 0744        secdrv - ok
00:37:17.0094 0744        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:37:17.0172 0744        Serenum - ok
00:37:17.0421 0744        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:37:17.0499 0744        Serial - ok
00:37:17.0687 0744        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:37:17.0749 0744        sermouse - ok
00:37:17.0858 0744        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:37:17.0874 0744        sffdisk - ok
00:37:17.0999 0744        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:37:18.0030 0744        sffp_mmc - ok
00:37:18.0045 0744        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:37:18.0077 0744        sffp_sd - ok
00:37:18.0264 0744        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:37:18.0326 0744        sfloppy - ok
00:37:18.0560 0744        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:37:18.0576 0744        sisagp - ok
00:37:18.0794 0744        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:37:18.0810 0744        SiSRaid2 - ok
00:37:19.0044 0744        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:37:19.0059 0744        SiSRaid4 - ok
00:37:19.0325 0744        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:37:19.0371 0744        Smb - ok
00:37:19.0512 0744        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:37:19.0527 0744        spldr - ok
00:37:19.0699 0744        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:37:19.0746 0744        srv - ok
00:37:19.0839 0744        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:37:19.0886 0744        srv2 - ok
00:37:19.0917 0744        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:37:19.0949 0744        srvnet - ok
00:37:19.0980 0744        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
00:37:19.0995 0744        ssmdrv - ok
00:37:20.0027 0744        SSMO3v2Filter - ok
00:37:20.0105 0744        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:37:20.0120 0744        swenum - ok
00:37:20.0354 0744        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:37:20.0370 0744        Symc8xx - ok
00:37:20.0604 0744        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:37:20.0619 0744        Sym_hi - ok
00:37:20.0869 0744        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:37:20.0885 0744        Sym_u3 - ok
00:37:21.0477 0744        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:37:21.0555 0744        Tcpip - ok
00:37:21.0914 0744        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:37:21.0945 0744        Tcpip6 - ok
00:37:22.0179 0744        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:37:22.0226 0744        tcpipreg - ok
00:37:22.0491 0744        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:37:22.0554 0744        TDPIPE - ok
00:37:22.0757 0744        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:37:22.0788 0744        TDTCP - ok
00:37:23.0084 0744        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:37:23.0131 0744        tdx - ok
00:37:23.0521 0744        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:37:23.0537 0744        TermDD - ok
00:37:23.0880 0744        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:37:23.0942 0744        tssecsrv - ok
00:37:24.0192 0744        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:37:24.0254 0744        tunmp - ok
00:37:24.0301 0744        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:37:24.0348 0744        tunnel - ok
00:37:24.0379 0744        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:37:24.0395 0744        uagp35 - ok
00:37:24.0691 0744        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:37:24.0707 0744        udfs - ok
00:37:25.0097 0744        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:37:25.0112 0744        uliagpkx - ok
00:37:25.0455 0744        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:37:25.0471 0744        uliahci - ok
00:37:25.0955 0744        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:37:25.0970 0744        UlSata - ok
00:37:26.0126 0744        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:37:26.0142 0744        ulsata2 - ok
00:37:26.0407 0744        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:37:26.0469 0744        umbus - ok
00:37:26.0672 0744        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:37:26.0735 0744        usbaudio - ok
00:37:26.0953 0744        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:37:27.0000 0744        usbccgp - ok
00:37:27.0031 0744        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:37:27.0109 0744        usbcir - ok
00:37:27.0171 0744        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:37:27.0218 0744        usbehci - ok
00:37:27.0265 0744        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:37:27.0312 0744        usbhub - ok
00:37:27.0499 0744        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
00:37:27.0546 0744        usbohci - ok
00:37:27.0951 0744        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:37:27.0998 0744        usbprint - ok
00:37:28.0139 0744        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:37:28.0170 0744        usbscan - ok
00:37:28.0466 0744        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:37:28.0529 0744        USBSTOR - ok
00:37:28.0794 0744        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:37:28.0856 0744        usbuhci - ok
00:37:29.0121 0744        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:37:29.0137 0744        vga - ok
00:37:29.0449 0744        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:37:29.0480 0744        VgaSave - ok
00:37:29.0667 0744        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:37:29.0683 0744        viaagp - ok
00:37:29.0808 0744        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:37:29.0870 0744        ViaC7 - ok
00:37:30.0042 0744        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:37:30.0057 0744        viaide - ok
00:37:30.0151 0744        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:37:30.0167 0744        volmgr - ok
00:37:30.0385 0744        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:37:30.0401 0744        volmgrx - ok
00:37:30.0759 0744        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:37:30.0775 0744        volsnap - ok
00:37:30.0884 0744        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:37:30.0900 0744        vsmraid - ok
00:37:31.0134 0744        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:37:31.0227 0744        WacomPen - ok
00:37:31.0415 0744        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:37:31.0446 0744        Wanarp - ok
00:37:31.0477 0744        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:37:31.0493 0744        Wanarpv6 - ok
00:37:31.0711 0744        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:37:31.0727 0744        Wd - ok
00:37:31.0992 0744        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:37:32.0007 0744        Wdf01000 - ok
00:37:32.0101 0744        WinUSB          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
00:37:32.0117 0744        WinUSB - ok
00:37:32.0195 0744        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:37:32.0257 0744        WmiAcpi - ok
00:37:32.0585 0744        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:37:32.0647 0744        ws2ifsl - ok
00:37:32.0975 0744        WUDFRd          (c250a1232459fb20191fe3bd1162b339) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:37:33.0006 0744        WUDFRd ( UnsignedFile.Multi.Generic ) - warning
00:37:33.0006 0744        WUDFRd - detected UnsignedFile.Multi.Generic (1)
00:37:33.0037 0744        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:37:33.0240 0744        \Device\Harddisk0\DR0 - ok
00:37:33.0255 0744        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
00:37:33.0318 0744        \Device\Harddisk1\DR1 - ok
00:37:33.0333 0744        Boot (0x1200)  (63ac2c6b9b1f697647dc0a6686ff0af9) \Device\Harddisk0\DR0\Partition0
00:37:33.0365 0744        \Device\Harddisk0\DR0\Partition0 - ok
00:37:33.0380 0744        Boot (0x1200)  (ff19b52dad85f57f05f3ccd643160715) \Device\Harddisk1\DR1\Partition0
00:37:33.0380 0744        \Device\Harddisk1\DR1\Partition0 - ok
00:37:33.0380 0744        ============================================================
00:37:33.0380 0744        Scan finished
00:37:33.0380 0744        ============================================================
00:37:33.0396 1192        Detected object count: 1
00:37:33.0396 1192        Actual detected object count: 1
00:37:38.0793 1192        WUDFRd ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:38.0793 1192        WUDFRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
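Before the next step, an added example that is not part of this thread and not code from TDSSKiller or the board: a small Python parser that turns a TDSSKiller log like the one above into a triage summary (hashed objects, detections and the action the user took on them, MBR and boot-sector hashes per device, and hashes shared by more than one service entry). The line layout it assumes is read off the log above: `HH:MM:SS.ffff PID  object  (md5)  path` for hashed objects, and verdict lines of the form `object - ok`, `object ( Verdict ) - warning`, `object - detected Verdict (n)` and `object ( Verdict ) - User select action: X`. The sample lines embedded in the block are excerpts from that log.

```python
"""Triage helper for Kaspersky TDSSKiller text logs.

Added example for this thread; not code from TDSSKiller or from the board.
Assumption (mine): each hashed object is logged as
    HH:MM:SS.ffff PID  <object>  (<md5>)  <path>
and verdicts as "<object> - ok", "<object> ( <Verdict> ) - warning",
"<object> - detected <Verdict> (<n>)" and
"<object> ( <Verdict> ) - User select action: <Action>".
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*\S)\s*$")
# Object names are single tokens except the sector entries "MBR (0x1B8)" / "Boot (0x1200)".
OBJECT_RE = re.compile(
    r"^(?P<name>(?:MBR|Boot) \(0x[0-9A-Fa-f]+\)|\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<target>.+)$"
)
WARNING_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")

# Constructed sample: lines excerpted from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
00:37:21.0477 0744        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:37:21.0555 0744        Tcpip - ok
00:37:21.0914 0744        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:37:21.0945 0744        Tcpip6 - ok
00:37:31.0415 0744        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:37:31.0446 0744        Wanarp - ok
00:37:31.0477 0744        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:37:31.0493 0744        Wanarpv6 - ok
00:37:32.0975 0744        WUDFRd          (c250a1232459fb20191fe3bd1162b339) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:37:33.0006 0744        WUDFRd ( UnsignedFile.Multi.Generic ) - warning
00:37:33.0006 0744        WUDFRd - detected UnsignedFile.Multi.Generic (1)
00:37:33.0037 0744        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:37:33.0240 0744        \Device\Harddisk0\DR0 - ok
00:37:33.0255 0744        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
00:37:33.0318 0744        \Device\Harddisk1\DR1 - ok
00:37:33.0333 0744        Boot (0x1200)  (63ac2c6b9b1f697647dc0a6686ff0af9) \Device\Harddisk0\DR0\Partition0
00:37:33.0380 0744        Boot (0x1200)  (ff19b52dad85f57f05f3ccd643160715) \Device\Harddisk1\DR1\Partition0
00:37:33.0380 0744        Scan finished
00:37:33.0396 1192        Detected object count: 1
00:37:38.0793 1192        WUDFRd ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:38.0793 1192        WUDFRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def parse_tdsskiller(text):
    """Return (objects, detections).

    objects:    list of {"name", "md5", "target"} for every hashed object
    detections: dict name -> {"verdict": str, "action": str}
    """
    objects = []
    detections = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank line, banner, or a line we do not model
        rest = m["rest"]
        o = OBJECT_RE.match(rest)
        if o:
            objects.append({"name": o["name"], "md5": o["md5"], "target": o["target"]})
            continue
        for pat in (WARNING_RE, DETECTED_RE, ACTION_RE):
            hit = pat.match(rest)
            if hit:
                entry = detections.setdefault(hit["name"], {"verdict": hit["verdict"], "action": "none recorded"})
                if pat is ACTION_RE:
                    entry["action"] = hit["action"]
                break
    return objects, detections


def shared_hashes(objects):
    """md5 -> sorted names, for hashes that appear under more than one object name.
    One file registered under two service names (Tcpip/Tcpip6) is normal on Vista;
    a system driver name whose hash matches an unrelated path deserves a second look."""
    by_hash = defaultdict(set)
    for o in objects:
        by_hash[o["md5"]].add(o["name"])
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def sector_hashes(objects):
    """MBR and boot-sector hashes keyed by device path."""
    return {o["target"]: o["md5"] for o in objects if o["name"].startswith(("MBR", "Boot"))}


def unresolved_detections(detections):
    """Detections that were skipped or never acted on, i.e. still present after the run."""
    return sorted(n for n, d in detections.items() if d["action"] in ("Skip", "none recorded"))


if __name__ == "__main__":
    objs, dets = parse_tdsskiller(SAMPLE_LOG)
    print("hashed objects:", len(objs))
    print("detections:", dets)
    print("unresolved:", unresolved_detections(dets))
    print("shared hashes:", shared_hashes(objs))
    print("sector hashes:", sector_hashes(objs))
```

Run against the log above, the summary states the three things a helper otherwise checks by eye: the only hit is WUDFRd flagged UnsignedFile.Multi.Generic, which is TDSSKiller's verdict for a driver file without a digital signature rather than a match on known malware, and it was skipped, not cured; Tcpip/Tcpip6 and Wanarp/Wanarpv6 share one file each, which is how Vista registers those services; and both disks carry an MBR with the same hash while their boot sectors differ, as expected for two disks with a standard Windows MBR.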


cosinus 08.03.2012 10:32

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper on this board (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

An attempt was made to perform an invalid operation on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Adora 08.03.2012 11:39

Combofix Logfile:
Code:

ComboFix 12-03-08.01 - Dadudu 08.03.2012  11:29:48.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3325.2116 [GMT 1:00]
Running from:: c:\_otl\MovedFiles\03072012_204642\C_Users\Dadudu\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dadudu\AppData\Local\._Revolution_
c:\users\Dadudu\AppData\Local\assembly\tmp
c:\windows\Fonts\DejaVuMonoSans.ttf
.
.
(((((((((((((((((((((((  Files Created from 2012-02-08 to 2012-03-08  ))))))))))))))))))))))))))))))
.
.
2012-03-08 10:35 . 2012-03-08 10:35        --------        d-----w-        c:\users\Dadudu\AppData\Local\temp
2012-03-08 10:35 . 2012-03-08 10:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-07 23:30 . 2012-03-07 23:30        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-03-07 20:03 . 2012-03-07 20:03        --------        d-----w-        c:\program files\TeamSpeak 3 Client
2012-03-07 12:14 . 2012-03-07 12:14        --------        d-----w-        c:\program files\ESET
2012-03-07 11:05 . 2009-10-23 17:10        714240        ----a-w-        c:\windows\system32\timedate.cpl
2012-03-07 11:04 . 2012-03-07 11:04        --------        d-----w-        c:\users\Dadudu\AppData\Roaming\Malwarebytes
2012-03-07 11:04 . 2012-03-07 11:04        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-07 11:04 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-07 11:04 . 2012-03-07 11:04        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-07 10:57 . 2012-03-07 10:57        --------        d-----w-        c:\program files\Windows Portable Devices
2012-03-06 16:17 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2012-03-06 16:17 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll
2012-03-06 16:17 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2012-03-06 16:17 . 2009-09-25 01:33        369664        ----a-w-        c:\windows\system32\WMPhoto.dll
2012-03-06 16:17 . 2009-09-25 02:10        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2012-03-06 16:17 . 2009-09-25 02:07        189440        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2012-03-06 16:17 . 2009-09-25 02:04        321024        ----a-w-        c:\windows\system32\PhotoMetadataHandler.dll
2012-03-06 16:17 . 2009-09-25 01:33        195584        ----a-w-        c:\windows\system32\dxdiagn.dll
2012-03-06 16:17 . 2009-09-25 01:32        252928        ----a-w-        c:\windows\system32\dxdiag.exe
2012-03-06 16:17 . 2009-09-25 01:31        519680        ----a-w-        c:\windows\system32\d3d11.dll
2012-03-06 14:32 . 2012-03-06 14:32        --------        d-----w-        c:\program files\Common Files\Java
2012-03-06 14:31 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-03-06 14:31 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-03-06 14:31 . 2010-08-26 16:34        1696256        ----a-w-        c:\windows\system32\gameux.dll
2012-03-06 14:31 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2012-03-06 14:31 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-06 14:28 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-03-06 14:28 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-03-06 14:28 . 2012-03-06 14:28        --------        d-----w-        c:\program files\Java
2012-03-06 14:28 . 2011-11-08 14:42        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-03-06 14:27 . 2011-12-20 10:56        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-03-06 14:26 . 2012-03-01 12:34        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A5FEA63-23C7-470D-9545-2CC390A70EE6}\mpengine.dll
2012-03-06 14:26 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll
2012-03-06 14:25 . 2009-09-10 14:58        1418752        ----a-w-        c:\program files\Windows Media Player\setup_wm.exe
2012-03-06 14:25 . 2009-09-10 14:58        310784        ----a-w-        c:\windows\system32\unregmp2.exe
2012-03-06 14:15 . 2012-03-06 14:15        --------        d-----w-        C:\_OTL
2012-03-06 13:51 . 2012-03-06 13:51        --------        d-----w-        c:\program files\DIFX
2012-03-06 13:50 . 2007-09-04 17:08        286208        ----a-w-        c:\windows\system32\drivers\RTL8187B.sys
2012-03-05 09:09 . 2012-03-07 20:04        --------        d-----w-        c:\program files\RIFT Game
2012-03-04 20:27 . 2012-03-04 20:27        --------        d-----w-        c:\users\Dadudu\AppData\Roaming\Avira
2012-03-04 20:26 . 2012-01-31 07:56        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-03-04 20:26 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-04 20:26 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-03-04 20:26 . 2012-03-04 20:26        --------        d-----w-        c:\programdata\Avira
2012-03-04 20:26 . 2012-03-04 20:26        --------        d-----w-        c:\program files\Avira
2012-03-04 19:34 . 2012-03-08 10:23        --------        d-----w-        c:\users\Dadudu\Tracing
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 14:29 . 2011-06-29 10:22        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2009-10-05 17:55        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-16 14:55 . 2012-03-07 13:59        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-08 c:\windows\Tasks\Erweiterte Garantie-Dadudu.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-26 10:13]
.
2012-03-08 c:\windows\Tasks\Recovery DVD Creator-Dadudu.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-05-26 10:13]
.
.
------- Zusätzlicher Suchlauf -------
.
mLocal Page =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dadudu\AppData\Roaming\Mozilla\Firefox\Profiles\4z5896wz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
SafeBoot-29920042.sys
AddRemove-Mozilla Thunderbird (8.0) - c:\program files\Mozilla Thunderbird\uninstall\helper.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\3.5.1.10\InstWrap.exe
AddRemove-SEMC OMSI Module - c:\program files\Sony Ericsson\Update Engine\uninst.exe
AddRemove-Update Engine - c:\program files\Sony Ericsson\Update Engine\uninst.exe
AddRemove-{A2F166A0-F031-4E27-A057-C69733219434}_is1 - c:\program files\Runes of Magic\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-08 11:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-08  11:38:20
ComboFix-quarantined-files.txt  2012-03-08 10:38
.
Vor Suchlauf: 10 Verzeichnis(se), 369.343.361.024 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 369.008.082.944 Bytes frei
.
- - End Of File - - BB7C2FC1B8EEF8B40C53CC579DC5A990

--- --- ---

cosinus 08.03.2012 11:43

Quote:

2012-03-07 23:30 . 2012-03-07 23:30 -------- d-----w- C:\TDSSKiller_Quarantine
What did you fix/delete with TDSSKiller? You were supposed to just skip them all!

Adora 08.03.2012 11:57

I actually skipped everything, as you said. The first time I just accidentally didn't set all the settings as described, but then I did everything as described.

But I found the file; should I post anything from it for you, or restore it?

Sorry for the "overtime"... women and technology :stirn:


Copyright ©2000-2025, Trojaner-Board