Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   iexplorer.exe starts several processes in the background by itself (https://www.trojaner-board.de/96755-iexplorer-exe-startet-selbststaendig-mehrere-prozesse-hintergrund.html)

journeyman 23.03.2011 15:09

iexplorer.exe starts several processes in the background by itself
 
Hello,
I have the same problem as already described here -> http://www.trojaner-board.de/95910-i...tergrund.html.
iexplore.exe is running multiple times as a process in the background without IE having been started. I use Firefox exclusively. The log is attached (log.zip).
Does anyone know what I have caught?
Thanks in advance
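
Added example, not part of the original thread and not code from OTL, ComboFix or any other tool named in it: a first-look triage for exactly this symptom, iexplore.exe instances that nobody started, written in Windows PowerShell. It assumes Windows PowerShell 4.0 or later (WMF 4 installs on Windows 7) running from an elevated prompt; the function and property names are my own choice.

```powershell
# Added example (not from the thread): find iexplore.exe processes that nobody started,
# show who spawned them, and list what they loaded from outside the Windows and
# Program Files trees. Windows PowerShell 4.0+, elevated, assumed.

function Get-IexploreProcess {
    # One row per iexplore.exe: who started it, how, and whether it has a window at all.
    $all = Get-CimInstance -ClassName Win32_Process
    foreach ($p in ($all | Where-Object { $_.Name -eq 'iexplore.exe' })) {
        $parent = $all | Where-Object { $_.ProcessId -eq $p.ParentProcessId }
        $gp     = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID         = $p.ProcessId
            Started     = $p.CreationDate
            # Anything but <drive>\Program Files*\Internet Explorer\iexplore.exe is wrong.
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            # IE that the user opened has a window; a hidden worker instance has none.
            HasWindow   = [bool]($gp -and $gp.MainWindowHandle.ToInt64() -ne 0)
            ParentPID   = $p.ParentProcessId
            # User-started IE has explorer.exe as parent; IE tab processes have another
            # iexplore.exe. Anything else, or a parent that already exited, is what to chase.
            Parent      = if ($parent) { $parent.ExecutablePath } else { '<exited>' }
        }
    }
}

function Get-ForeignModule {
    # Modules of a process that were loaded from outside %SystemRoot% and Program Files.
    # On Windows 7 most inbox DLLs are catalog-signed, so Get-AuthenticodeSignature
    # reports them as NotSigned; the load path is therefore the first filter, and the
    # signature and hash are reported for the handful of modules that remain.
    param([Parameter(Mandatory)][int]$ProcessId)
    $trusted = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")
    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    foreach ($m in $proc.Modules) {
        $inTrusted = $false
        foreach ($t in $trusted) {
            if ($t.Length -gt 1 -and $m.FileName.StartsWith($t, 'OrdinalIgnoreCase')) { $inTrusted = $true }
        }
        if (-not $inTrusted) {
            [pscustomobject]@{
                PID       = $ProcessId
                Module    = $m.FileName
                Signature = (Get-AuthenticodeSignature -FilePath $m.FileName).Status
                SHA256    = (Get-FileHash -LiteralPath $m.FileName -Algorithm SHA256).Hash
            }
        }
    }
}

# Usage: list the window-less instances first, then look at what they have loaded.
$hidden = Get-IexploreProcess | Where-Object { -not $_.HasWindow }
$hidden | Format-List
$hidden | ForEach-Object { Get-ForeignModule -ProcessId $_.PID } | Format-Table -AutoSize
```

A window-less iexplore.exe whose parent is neither explorer.exe nor another iexplore.exe, or whose parent has already exited, is the instance to examine; the second function then shows what was loaded into it from a user-writable location such as %TEMP%, %APPDATA% or %ProgramData%. Because Internet Explorer on 64-bit Windows 7 runs as a 32-bit process, run the module listing from the 32-bit PowerShell (the copy under SysWOW64) so that Get-Process can enumerate its modules.
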

cosinus 23.03.2011 16:26

Are there any more logs from Malwarebytes? If so, please post all of them that are visible under the Logs tab in Malwarebytes.

journeyman 23.03.2011 16:59

That is all I can offer ... (see attachment)

Regards

cosinus 23.03.2011 19:59

Do an OTL fix: close all programs that may be open, disable the virus scanner too (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.02 13:29:53 | 000,000,049 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5b393d00-1180-11df-9933-824479cf69e6}\Shell - "" = AutoRun
O33 - MountPoints2\{5b393d00-1180-11df-9933-824479cf69e6}\Shell\AutoRun\command - "" = I:\start.exe -- [2010.08.02 13:29:57 | 013,612,683 | R--- | M] (Galileo Press                      )
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:60466E88
@Alternate Data Stream - 1170 bytes -> C:\ProgramData\Microsoft:cUU2cxOhwYmOWcpWiy9rO
@Alternate Data Stream - 1131 bytes -> C:\ProgramData\Microsoft:VG998vVfYfobNPt4WKh8tDIwLT
@Alternate Data Stream - 1013 bytes -> C:\Users\Admin\AppData\Local\Lgz8QFagKB:Oml4UsUsOMoHPlWYKwiXIlJTH
@Alternate Data Stream - 1010 bytes -> C:\Users\Admin\AppData\Local\CUvfUdeovv:27oRXF4DijpuICGG6ktAxRP
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety's sake, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
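
Added example, not from the thread and not OTL's own code: the three things the OTL script above changes (the alternate data streams, the MountPoints2 autorun handler and the CD-ROM autorun setting), checked and, where wanted, undone by hand in Windows PowerShell 3.0 or later, the version in which the -Stream parameters of Get-Item, Get-Content and Remove-Item first appeared. Run it elevated and logged on as the affected user, because MountPoints2 lives under HKCU. The root directories are taken from the paths in the OTL lines; the function names are my own.

```powershell
# Added example (not from the thread): manual checks for the items the OTL fix targets.
# Windows PowerShell 3.0+, elevated, run as the affected user, assumed.

function Get-NamedStream {
    # Alternate data streams under the directories the OTL log pointed at. Directories
    # carry streams too (C:\ProgramData\Microsoft:... in the log is a stream on a folder),
    # so each root itself is checked, not only the files below it.
    param(
        [string[]]$Root = @($env:ProgramData, $env:LOCALAPPDATA),
        [switch]$IncludeZoneIdentifier   # Zone.Identifier is the normal "downloaded" mark
    )
    foreach ($r in $Root) {
        $items = @(Get-Item -LiteralPath $r -Force) +
                 @(Get-ChildItem -LiteralPath $r -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and
                               ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier') } |
                ForEach-Object {
                    # First 16 bytes as hex; 4d 5a (MZ) means an executable hidden in the stream.
                    $head = Get-Content -LiteralPath $item.FullName -Stream $_.Stream `
                                -Encoding Byte -TotalCount 16 -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Path   = $item.FullName
                        Stream = $_.Stream
                        Length = $_.Length
                        Head   = ($head | ForEach-Object { $_.ToString('x2') }) -join ' '
                    }
                }
        }
    }
}

function Get-MountPointsAutorun {
    # MountPoints2 (per user) remembers the autorun.inf handler of every volume ever
    # mounted; a Shell\AutoRun\command there re-runs it when the drive is double-clicked.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($vol in (Get-ChildItem -Path $base -ErrorAction SilentlyContinue)) {
        $cmdKey = Join-Path -Path $vol.PSPath -ChildPath 'Shell\AutoRun\command'
        if (Test-Path -Path $cmdKey) {
            [pscustomobject]@{
                Volume  = $vol.PSChildName
                Command = (Get-ItemProperty -Path $cmdKey).'(default)'
            }
        }
    }
}

function Get-AutorunSetting {
    # Cdrom\AutoRun = 1 is the OTL 'O32' line. NoDriveTypeAutoRun = 0xFF switches
    # autorun off for every drive type and is the setting that actually closes the door.
    $cd  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom' -ErrorAction SilentlyContinue
    $pol = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        CdromAutoRun       = $cd.AutoRun
        NoDriveTypeAutoRun = if ($null -ne $pol.NoDriveTypeAutoRun) { '0x{0:X}' -f $pol.NoDriveTypeAutoRun } else { '<not set>' }
    }
}

# Usage
Get-NamedStream | Format-Table -AutoSize
Get-MountPointsAutorun
Get-AutorunSetting
# Removal, once a stream has been identified as foreign (copy it elsewhere first if you
# want to analyse it):  Remove-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream '60466E88'
```

The five streams in the OTL lines are each about 1 KB, sit on a TEMP folder and on the ProgramData\Microsoft and AppData\Local directories rather than on files, and are invisible in Explorer and to a plain `dir`; that combination (small, on directories, random names) is what makes them worth listing and dumping before they are removed. The MountPoints2 entry in the log points at a disc from a publisher (Galileo Press), so not every autorun handler is hostile; the command it would run is what decides.
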

journeyman 23.03.2011 22:40

Restarted the computer after the fix. Here is the log that was created after the restart:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. I:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b393d00-1180-11df-9933-824479cf69e6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b393d00-1180-11df-9933-824479cf69e6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b393d00-1180-11df-9933-824479cf69e6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b393d00-1180-11df-9933-824479cf69e6}\ not found.
File move failed. I:\start.exe scheduled to be moved on reboot.
ADS C:\ProgramData\TEMP:60466E88 deleted successfully.
ADS C:\ProgramData\Microsoft:cUU2cxOhwYmOWcpWiy9rO deleted successfully.
ADS C:\ProgramData\Microsoft:VG998vVfYfobNPt4WKh8tDIwLT deleted successfully.
ADS C:\Users\Admin\AppData\Local\Lgz8QFagKB:Oml4UsUsOMoHPlWYKwiXIlJTH deleted successfully.
ADS C:\Users\Admin\AppData\Local\CUvfUdeovv:27oRXF4DijpuICGG6ktAxRP deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 2194650653 bytes
->Temporary Internet Files folder emptied: 1312700259 bytes
->Java cache emptied: 4173529 bytes
->FireFox cache emptied: 67909021 bytes
->Google Chrome cache emptied: 17976513 bytes
->Flash cache emptied: 77537 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119728210 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.547,00 mb
 
 
OTL by OldTimer - Version 3.2.1.3 log created on 03232011_222815

Files\Folders moved on Reboot...
File\Folder I:\autorun.inf not found!
File\Folder I:\start.exe not found!
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W70EN8TQ\01CA31K0DR.htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W70EN8TQ\01CAH1PQED.htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W70EN8TQ\LiveItemDetailCAAMUV46.htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W70EN8TQ\LiveItemDetailCAPC4J31.htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRVD5J15\01CA0H5U1U.htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRVD5J15\blank[1].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRVD5J15\LiveItemDetailCA6785ZN.htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4LDCMAH\01CAFBLO12.htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C4LDCMAH\LiveItemDetailCARJ1DY7.htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2336.log moved successfully.

Registry entries deleted on Reboot...

IE still starts in the background

cosinus 24.03.2011 09:04

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

journeyman 24.03.2011 11:52

After that I cannot do anything any more. As soon as I try to open a program, this message appears
Code:

Illegal operation attempted on a registry key that has been marked for deletion
What now?


Here is the log file as well, which I managed to save on another system by a roundabout route:
Code:

ComboFix 11-03-23.04 - Admin 24.03.2011  10:50:16.1.3 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8191.6159 [GMT 1:00]
Running from:: c:\users\Admin\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\tcpview\tcpview.exe
c:\users\Admin\AppData\Local\Temp\sfamcc00001.dll
c:\users\Admin\AppData\Local\Temp\sfareca00001.dll
c:\users\Admin\AppData\Roaming\Bilder
c:\users\Admin\AppData\Roaming\Sysutils_Update
c:\windows\SysWow64\Ijl11.dll
c:\windows\SysWow64\ui
c:\windows\SysWow64\ui\BANNER\LOADINGEVENT1.SOR
c:\windows\SysWow64\ui\BANNER\LOADINGEVENT2.SOR
c:\windows\SysWow64\ui\BANNER\LOADINGIMGOPT.SOR
c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER1.SOR
c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER2.SOR
c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER3.SOR
c:\windows\SysWow64\ui\BANNER\NOTICE_BANNER4.SOR
.
.
(((((((((((((((((((((((  Files Created from 2011-02-24 to 2011-03-24  ))))))))))))))))))))))))))))))
.
.
2011-03-24 09:54 . 2011-03-24 09:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-03-24 09:31 . 2011-03-24 09:31        --------        d-----w-        c:\program files\CCleaner
2011-03-23 21:28 . 2011-03-23 21:28        --------        d-----w-        C:\_OTL
2011-03-23 11:42 . 2011-03-23 11:42        --------        d-----w-        c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2011-03-23 11:42 . 2011-03-23 11:42        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-03-23 11:42 . 2011-03-23 11:42        --------        d-----w-        c:\programdata\!SASCORE
2011-03-23 11:42 . 2011-03-23 11:42        --------        d-----w-        c:\program files\SUPERAntiSpyware
2011-03-22 16:52 . 2009-08-17 16:58        529920        ----a-w-        c:\windows\system32\VIASysFx.dll
2011-03-16 16:41 . 2011-03-16 16:41        --------        d-----w-        c:\programdata\Ubisoft
2011-03-16 16:34 . 2011-03-16 16:34        --------        d-----w-        c:\users\Admin\AppData\Roaming\PunkBuster
2011-03-15 12:13 . 2011-03-15 12:13        995328        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-03-14 11:21 . 2011-02-18 14:57        2128360        ----a-w-        c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\CPU-Z\cpuz.exe
2011-03-14 09:34 . 2011-03-14 09:34        --------        d-----w-        c:\windows\system32\SPReview
2011-03-14 09:34 . 2011-03-14 09:34        --------        d-----w-        c:\windows\system32\EventProviders
2011-03-14 09:31 . 2010-11-05 01:57        48976        ----a-w-        c:\windows\system32\netfxperf.dll
2011-03-14 09:31 . 2010-11-05 01:57        1942856        ----a-w-        c:\windows\system32\dfshim.dll
2011-03-14 09:29 . 2010-11-20 13:27        475136        ----a-w-        c:\windows\system32\wlangpui.dll
2011-03-14 09:28 . 2010-11-20 13:27        37376        ----a-w-        c:\windows\system32\wups2.dll
2011-03-14 09:27 . 2011-02-19 12:04        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-14 09:27 . 2011-02-19 12:04        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-03-14 09:27 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-03-14 09:27 . 2011-02-19 12:05        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-14 09:27 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 14:57 . 2010-09-24 20:21        307200        ----a-w-        c:\windows\SysWow64\TubeFinder.exe
2011-03-14 09:38 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-03-14 09:38 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-01-08 19:08 . 2010-02-22 13:52        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-05 03:37 . 2011-01-05 03:37        8283136        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-01-05 03:22 . 2011-01-05 03:22        22100480        ----a-w-        c:\windows\system32\atio6axx.dll
2011-01-05 03:03 . 2011-01-05 03:03        17043968        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-01-05 03:02 . 2011-01-05 03:02        143360        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-01-05 03:02 . 2011-01-05 03:02        596480        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-01-05 03:01 . 2010-09-29 01:54        708608        ----a-w-        c:\windows\system32\aticfx64.dll
2011-01-05 02:58 . 2011-01-05 02:58        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-01-05 02:58 . 2011-01-05 02:58        480256        ----a-w-        c:\windows\system32\atieclxx.exe
2011-01-05 02:57 . 2011-01-05 02:57        203776        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-01-05 02:56 . 2011-01-05 02:56        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-01-05 02:56 . 2011-01-05 02:56        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-01-05 02:56 . 2011-01-05 02:56        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-01-05 02:55 . 2011-01-05 02:55        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-01-05 02:55 . 2011-01-05 02:55        16384        ----a-w-        c:\windows\system32\atimuixx.dll
2011-01-05 02:55 . 2011-01-05 02:55        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-01-05 02:55 . 2011-01-05 02:55        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-01-05 02:52 . 2011-01-05 02:52        4101632        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-01-05 02:43 . 2010-09-29 01:37        4844544        ----a-w-        c:\windows\system32\atidxx64.dll
2011-01-05 02:33 . 2011-01-05 02:33        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-01-05 02:33 . 2011-01-05 02:33        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-01-05 02:33 . 2011-01-05 02:33        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-01-05 02:33 . 2011-01-05 02:33        4162048        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-01-05 02:33 . 2011-01-05 02:33        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-01-05 02:33 . 2011-01-05 02:33        6815232        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-01-05 02:32 . 2011-01-05 02:32        1208320        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-01-05 02:32 . 2009-11-25 02:43        3218944        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-01-05 02:31 . 2011-01-05 02:31        5441024        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-01-05 02:28 . 2010-03-20 12:52        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-01-05 02:27 . 2009-11-25 02:50        5305856        ----a-w-        c:\windows\system32\atiumd64.dll
2011-01-05 02:25 . 2011-01-05 02:25        3461120        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-01-05 02:20 . 2011-01-05 02:20        353792        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-01-05 02:20 . 2011-01-05 02:20        249856        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-01-05 02:19 . 2011-01-05 02:19        14848        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-01-05 02:19 . 2011-01-05 02:19        12800        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19        32256        ----a-w-        c:\windows\system32\atig6txx.dll
2011-01-05 02:19 . 2011-01-05 02:19        27648        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-01-05 02:19 . 2011-01-05 02:19        294400        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-01-05 02:18 . 2010-03-20 12:52        39936        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-01-05 02:18 . 2011-01-05 02:18        30720        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-01-05 02:18 . 2010-03-20 12:52        38400        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-01-05 02:18 . 2011-01-05 02:18        28672        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-01-05 02:17 . 2011-01-05 02:17        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-01-05 02:11 . 2011-01-05 02:11        53760        ----a-w-        c:\windows\system32\atimpc64.dll
2011-01-05 02:11 . 2011-01-05 02:11        53760        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-01-05 02:11 . 2011-01-05 02:11        52736        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-01-05 02:11 . 2011-01-05 02:11        52736        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((  Reg Loading Points From Each User  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-24 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Admin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\ShotOnline\GameGuard\dump_wmimmc.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-10-01 26240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [x]
R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-14 515560]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-20 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 15:42]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 15:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Free YouTube to Mp3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files (x86)\CADE 2.18.3\Web\new.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a88u9ehd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7f,89,bb,9f,2a,c2,c0,79,fa,7f,53,22,e0,30,57,e1,88,d8,73,c4,42,
  a7,e0,56,29,6b,bb,44,f3,02,80,6f,fb,e6,45,88,41,8f,8f,fd,6e,90,39,fc,97,23,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7f,89,bb,9f,2a,c2,c0,79,fa,7f,53,22,e0,30,57,e1,88,d8,73,c4,42,
  a7,e0,56,29,6b,bb,44,f3,02,80,6f,d5,3a,84,76,dd,7e,6c,92,6e,90,39,fc,97,23,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\TeamViewer\Version5\TeamViewer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-24  11:02:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-24 10:02
.
Vor Suchlauf: 9 Verzeichnis(se), 247.529.668.608 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 247.413.100.544 Bytes frei
.
- - End Of File - - 10B2973954AF9EE54BF8FD484CBD372C


cosinus 24.03.2011 12:28

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

File::
c:\windows\SysWow64\TubeFinder.exe
c:\windows\system32\drivers\tsusbflt.sys
c:\windows\system32\drivers\tsusbhub.sys
c:\windows\system32\drivers\rdvgkmd.sys
c:\windows\system32\DRIVERS\afcdp.sys

Driver::
TsUsbFlt
tsusbhub
VGPU
afcdp

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be installed.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
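
As an added illustration (not part of the post above and not ComboFix's own code), the following Python script parses a CFScript in the File::/Driver:: format shown above together with the deletion sections of the ComboFix.txt it produces, and reports which requested files and drivers the run actually handled; the embedded sample input is constructed from the script and log excerpts posted in this thread.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.

Added example for this thread; it is not part of the post above and not
ComboFix's own code. It parses the File::/Driver:: script format and the
"Weitere Löschungen" / "Treiber/Dienste" sections of the resulting log and
reports which requested entries the run actually handled.
"""
import re

# Constructed sample input: the CFScript posted above, embedded verbatim.
CFSCRIPT = r"""File::
c:\windows\SysWow64\TubeFinder.exe
c:\windows\system32\drivers\tsusbflt.sys
c:\windows\system32\drivers\tsusbhub.sys
c:\windows\system32\drivers\rdvgkmd.sys
c:\windows\system32\DRIVERS\afcdp.sys

Driver::
TsUsbFlt
tsusbhub
VGPU
afcdp
"""

# Constructed sample input: an excerpt of the ComboFix.txt posted later in
# the thread. ComboFix prints section banners wrapped in long runs of
# parentheses; they are shortened here, which the parser tolerates.
COMBOFIX_LOG = r"""FILE ::
"c:\windows\system32\DRIVERS\afcdp.sys"
"c:\windows\SysWow64\TubeFinder.exe"
.
((((((((  Weitere Löschungen  ))))))))
.
c:\users\Admin\AppData\Local\Temp\sfamcc00001.dll
c:\windows\system32\DRIVERS\afcdp.sys
c:\windows\SysWow64\TubeFinder.exe
.
((((((((  Treiber/Dienste  ))))))))
.
-------\Legacy_AFCDP
-------\Service_afcdp
-------\Service_TsUsbFlt
-------\Service_tsusbhub
-------\Service_VGPU
.
((((((((  Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))
.
2011-03-24 09:31 . 2011-03-24 09:31        --------        d-----w-        c:\program files\CCleaner
"""


def parse_cfscript(text):
    """Return {'File': [...], 'Driver': [...]} from a CFScript's '<Name>::' sections."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return (deleted_files, removed_services) read from a ComboFix.txt.

    Paths are lower-cased because Windows paths are case-insensitive and the
    script and the log spell them differently (DRIVERS vs drivers).
    """
    deleted, services = set(), set()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("(((") and line.endswith(")))"):
            section = line.strip("() ").strip()   # banner -> section name
            continue
        if not line or line == ".":
            continue
        if section == "Weitere Löschungen":
            deleted.add(line.lower())
        elif section == "Treiber/Dienste":
            entry = re.fullmatch(r"-------\\(Service|Legacy)_(\S+)", line)
            if entry:
                services.add(entry.group(2).lower())
    return deleted, services


def cross_check(script_text, log_text):
    """Report which File:: and Driver:: entries of the script the run handled."""
    script = parse_cfscript(script_text)
    deleted, services = parse_combofix_log(log_text)
    files = [p.lower() for p in script.get("File", [])]
    drivers = [d.lower() for d in script.get("Driver", [])]
    return {
        "files_deleted": sorted(f for f in files if f in deleted),
        "files_not_reported": sorted(f for f in files if f not in deleted),
        "drivers_removed": sorted(d for d in drivers if d in services),
        "drivers_not_reported": sorted(d for d in drivers if d not in services),
        "unrequested_deletions": sorted(deleted - set(files)),
    }


if __name__ == "__main__":
    for key, entries in cross_check(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{key}:")
        for entry in entries:
            print(f"  {entry}")
```

On the sample, three of the five requested files (tsusbflt.sys, tsusbhub.sys, rdvgkmd.sys) do not appear under "Weitere Löschungen" although all four drivers were removed, which is exactly the kind of gap worth noticing before deciding the run was complete.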

journeyman 24.03.2011 12:34

As I already said, I can no longer run any program. The message "Es wurde versucht ...." always appears.

cosinus 24.03.2011 15:27

Restart Windows!!

journeyman 24.03.2011 15:40

What should I do?
Restart the computer?
Restore a backup?
By the way, System Restore is switched off.


Delete the entry above. I hadn't refreshed the browser, sorry

cosinus 24.03.2011 15:44

What is there not to understand about "restart Windows"?

journeyman 24.03.2011 15:46

Delete the entry above. I hadn't refreshed the browser, sorry


Windows is being restarted now.

cosinus 24.03.2011 15:49

Ok, no problem :D

journeyman 24.03.2011 16:30

here is the log file
Code:

ComboFix 11-03-23.06 - Admin 24.03.2011  15:56:53.2.3 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8191.6355 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Admin\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\DRIVERS\afcdp.sys"
"c:\windows\system32\drivers\rdvgkmd.sys"
"c:\windows\system32\drivers\tsusbflt.sys"
"c:\windows\system32\drivers\tsusbhub.sys"
"c:\windows\SysWow64\TubeFinder.exe"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Local\Temp\sfamcc00001.dll
c:\users\Admin\AppData\Local\Temp\sfareca00001.dll
c:\windows\system32\DRIVERS\afcdp.sys
c:\windows\SysWow64\TubeFinder.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFCDP
-------\Service_afcdp
-------\Service_TsUsbFlt
-------\Service_tsusbhub
-------\Service_VGPU
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))
.
.
2011-03-24 09:31 . 2011-03-24 09:31        --------        d-----w-        c:\program files\CCleaner
2011-03-23 21:28 . 2011-03-23 21:28        --------        d-----w-        C:\_OTL
2011-03-23 11:42 . 2011-03-23 11:42        --------        d-----w-        c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2011-03-23 11:42 . 2011-03-23 11:42        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-03-23 11:42 . 2011-03-23 11:42        --------        d-----w-        c:\programdata\!SASCORE
2011-03-23 11:42 . 2011-03-23 11:42        --------        d-----w-        c:\program files\SUPERAntiSpyware
2011-03-22 16:52 . 2009-08-17 16:58        529920        ----a-w-        c:\windows\system32\VIASysFx.dll
2011-03-16 16:41 . 2011-03-16 16:41        --------        d-----w-        c:\programdata\Ubisoft
2011-03-16 16:34 . 2011-03-16 16:34        --------        d-----w-        c:\users\Admin\AppData\Roaming\PunkBuster
2011-03-15 12:13 . 2011-03-15 12:13        995328        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-03-14 11:21 . 2011-02-18 14:57        2128360        ----a-w-        c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\CPU-Z\cpuz.exe
2011-03-14 09:34 . 2011-03-14 09:34        --------        d-----w-        c:\windows\system32\SPReview
2011-03-14 09:34 . 2011-03-14 09:34        --------        d-----w-        c:\windows\system32\EventProviders
2011-03-14 09:31 . 2010-11-05 01:57        48976        ----a-w-        c:\windows\system32\netfxperf.dll
2011-03-14 09:31 . 2010-11-05 01:57        1942856        ----a-w-        c:\windows\system32\dfshim.dll
2011-03-14 09:29 . 2010-11-20 13:27        475136        ----a-w-        c:\windows\system32\wlangpui.dll
2011-03-14 09:28 . 2010-11-20 13:27        37376        ----a-w-        c:\windows\system32\wups2.dll
2011-03-14 09:27 . 2011-02-19 12:04        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-14 09:27 . 2011-02-19 12:04        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-03-14 09:27 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-03-14 09:27 . 2011-02-19 12:05        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-14 09:27 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 09:38 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-03-14 09:38 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-01-08 19:08 . 2010-02-22 13:52        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-05 03:37 . 2011-01-05 03:37        8283136        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-01-05 03:22 . 2011-01-05 03:22        22100480        ----a-w-        c:\windows\system32\atio6axx.dll
2011-01-05 03:03 . 2011-01-05 03:03        17043968        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-01-05 03:02 . 2011-01-05 03:02        143360        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-01-05 03:02 . 2011-01-05 03:02        596480        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-01-05 03:01 . 2010-09-29 01:54        708608        ----a-w-        c:\windows\system32\aticfx64.dll
2011-01-05 02:58 . 2011-01-05 02:58        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-01-05 02:58 . 2011-01-05 02:58        480256        ----a-w-        c:\windows\system32\atieclxx.exe
2011-01-05 02:57 . 2011-01-05 02:57        203776        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-01-05 02:56 . 2011-01-05 02:56        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-01-05 02:56 . 2011-01-05 02:56        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-01-05 02:56 . 2011-01-05 02:56        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-01-05 02:55 . 2011-01-05 02:55        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-01-05 02:55 . 2011-01-05 02:55        16384        ----a-w-        c:\windows\system32\atimuixx.dll
2011-01-05 02:55 . 2011-01-05 02:55        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-01-05 02:55 . 2011-01-05 02:55        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-01-05 02:52 . 2011-01-05 02:52        4101632        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-01-05 02:43 . 2010-09-29 01:37        4844544        ----a-w-        c:\windows\system32\atidxx64.dll
2011-01-05 02:33 . 2011-01-05 02:33        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-01-05 02:33 . 2011-01-05 02:33        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-01-05 02:33 . 2011-01-05 02:33        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-01-05 02:33 . 2011-01-05 02:33        4162048        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-01-05 02:33 . 2011-01-05 02:33        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-01-05 02:33 . 2011-01-05 02:33        6815232        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-01-05 02:32 . 2011-01-05 02:32        1208320        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-01-05 02:32 . 2009-11-25 02:43        3218944        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-01-05 02:31 . 2011-01-05 02:31        5441024        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-01-05 02:28 . 2010-03-20 12:52        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-01-05 02:27 . 2009-11-25 02:50        5305856        ----a-w-        c:\windows\system32\atiumd64.dll
2011-01-05 02:25 . 2011-01-05 02:25        3461120        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-01-05 02:20 . 2011-01-05 02:20        353792        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-01-05 02:20 . 2011-01-05 02:20        249856        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-01-05 02:19 . 2011-01-05 02:19        14848        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-01-05 02:19 . 2011-01-05 02:19        12800        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19        32256        ----a-w-        c:\windows\system32\atig6txx.dll
2011-01-05 02:19 . 2011-01-05 02:19        27648        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-01-05 02:19 . 2011-01-05 02:19        294400        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-01-05 02:18 . 2010-03-20 12:52        39936        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-01-05 02:18 . 2011-01-05 02:18        30720        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-01-05 02:18 . 2010-03-20 12:52        38400        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-01-05 02:18 . 2011-01-05 02:18        28672        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-01-05 02:17 . 2011-01-05 02:17        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-01-05 02:11 . 2011-01-05 02:11        53760        ----a-w-        c:\windows\system32\atimpc64.dll
2011-01-05 02:11 . 2011-01-05 02:11        53760        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-01-05 02:11 . 2011-01-05 02:11        52736        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-01-05 02:11 . 2011-01-05 02:11        52736        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-03-24_09.58.41  )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-03-24 09:55        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-03-24 15:02        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-24 09:55        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-24 15:02        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-24 09:55        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-24 15:02        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-14 05:16 . 2011-03-24 14:48        65072              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-24 15:04        51478              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-04 09:29 . 2011-03-24 15:04        17260              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-121265888-1667793776-3005404268-1000_UserData.bin
+ 2011-03-24 15:02 . 2011-03-24 15:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-24 09:55 . 2011-03-24 09:55        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-24 15:02 . 2011-03-24 15:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-24 09:55 . 2011-03-24 09:55        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-04 14:26 . 2011-03-24 15:01        906608              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-03-24 09:54        511964              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-03-24 15:01        511964              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-15 15:17 . 2011-03-24 15:01        789736              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-121265888-1667793776-3005404268-1000-4096.dat
- 2011-03-15 15:17 . 2011-03-24 09:54        789736              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-121265888-1667793776-3005404268-1000-4096.dat
+ 2010-04-06 18:37 . 2011-03-24 15:01        1737820              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-121265888-1667793776-3005404268-1000-8192.dat
- 2010-04-06 18:37 . 2011-03-24 09:54        1737820              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-121265888-1667793776-3005404268-1000-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-24 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2009-11-25 4009592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Admin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\ShotOnline\GameGuard\dump_wmimmc.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-10-01 26240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [x]
R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-14 515560]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-20 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 15:42]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 15:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF11600.cfxxe" [X]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Free YouTube to Mp3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files (x86)\CADE 2.18.3\Web\new.htm
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a88u9ehd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7f,89,bb,9f,2a,c2,c0,79,fa,7f,53,22,e0,30,57,e1,88,d8,73,c4,42,
  a7,e0,56,29,6b,bb,44,f3,02,80,6f,fb,e6,45,88,41,8f,8f,fd,6e,90,39,fc,97,23,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7f,89,bb,9f,2a,c2,c0,79,fa,7f,53,22,e0,30,57,e1,88,d8,73,c4,42,
  a7,e0,56,29,6b,bb,44,f3,02,80,6f,d5,3a,84,76,dd,7e,6c,92,6e,90,39,fc,97,23,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\TeamViewer\Version5\TeamViewer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-24  16:07:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-24 15:07
ComboFix2.txt  2011-03-24 10:02
.
Vor Suchlauf: 12 Verzeichnis(se), 248.021.135.360 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 247.749.296.128 Bytes frei
.
- - End Of File - - 4631FC11A3F428B77B9DCEBA149E0E41

In the meantime, a thank you for your efforts

journeyman 24.03.2011 17:06

iexplore.exe is still being started ... pretty stubborn :kloppen:

cosinus 24.03.2011 18:29

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

journeyman 24.03.2011 18:42

the log from TDSS ->
HTML Code:

2011/03/24 18:38:11.0690 0596        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 18:38:11.0971 0596        ================================================================================
2011/03/24 18:38:11.0971 0596        SystemInfo:
2011/03/24 18:38:11.0971 0596       
2011/03/24 18:38:11.0971 0596        OS Version: 6.1.7601 ServicePack: 1.0
2011/03/24 18:38:11.0971 0596        Product type: Workstation
2011/03/24 18:38:11.0971 0596        ComputerName: ADMIN-PC
2011/03/24 18:38:11.0971 0596        UserName: Admin
2011/03/24 18:38:11.0971 0596        Windows directory: C:\Windows
2011/03/24 18:38:11.0971 0596        System windows directory: C:\Windows
2011/03/24 18:38:11.0971 0596        Running under WOW64
2011/03/24 18:38:11.0971 0596        Processor architecture: Intel x64
2011/03/24 18:38:11.0971 0596        Number of processors: 3
2011/03/24 18:38:11.0971 0596        Page size: 0x1000
2011/03/24 18:38:11.0971 0596        Boot type: Normal boot
2011/03/24 18:38:11.0971 0596        ================================================================================
2011/03/24 18:38:17.0946 0596        Initialize success
2011/03/24 18:38:22.0813 4652        ================================================================================
2011/03/24 18:38:22.0813 4652        Scan started
2011/03/24 18:38:22.0813 4652        Mode: Manual;
2011/03/24 18:38:22.0813 4652        ================================================================================
2011/03/24 18:38:32.0157 4652        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/03/24 18:38:32.0157 4652        sptd - detected Locked file (1)
2011/03/24 18:38:34.0451 4652        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/03/24 18:38:34.0497 4652        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/03/24 18:38:34.0529 4652        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/24 18:38:34.0638 4652        vstor2-ws60    (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2011/03/24 18:38:34.0669 4652        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/03/24 18:38:34.0700 4652        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/24 18:38:34.0716 4652        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/24 18:38:34.0731 4652        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/24 18:38:34.0778 4652        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/24 18:38:34.0794 4652        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/24 18:38:34.0856 4652        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/24 18:38:34.0872 4652        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/24 18:38:34.0934 4652        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/24 18:38:34.0981 4652        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/24 18:38:35.0012 4652        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/24 18:38:35.0043 4652        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/03/24 18:38:35.0090 4652        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/03/24 18:38:35.0121 4652        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/24 18:38:35.0277 4652        ================================================================================
2011/03/24 18:38:35.0277 4652        Scan finished
2011/03/24 18:38:35.0277 4652        ================================================================================
2011/03/24 18:38:35.0277 4792        Detected object count: 1
2011/03/24 18:38:38.0772 4792        Locked file(sptd) - User select action: Skip


journeyman 24.03.2011 18:44

I've decided on skip for now.
If that thing is supposed to be deleted, go ahead.


Just noticed ... it's a component of DaemonTools

cosinus 24.03.2011 18:55

Now please create logs with GMER and mbrcheck and post them.
GMER crashes quite often; if the tool won't run the second time either, just leave it out.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on the desktop.
Please post me the contents of the .txt document

journeyman 24.03.2011 19:14

MBR:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Ultimate Edition
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        ASUSTeK Computer INC.
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                System manufacturer
System Product Name:                System Product Name
Logical Drives Mask:                0x000001fc

Kernel Drivers (total 224):
  0x03219000 \SystemRoot\system32\ntoskrnl.exe
  0x03803000 \SystemRoot\system32\hal.dll
  0x00BBF000 \SystemRoot\system32\kdcom.dll
  0x00C7F000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C8C000 \SystemRoot\system32\PSHED.dll
  0x00CA0000 \SystemRoot\system32\CLFS.SYS
  0x00CFE000 \SystemRoot\system32\CI.dll
  0x00EA2000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F46000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x010BA000 \SystemRoot\System32\Drivers\spyc.sys
  0x011E0000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x0102F000 \SystemRoot\system32\drivers\ACPI.sys
  0x01086000 \SystemRoot\system32\drivers\msisadrv.sys
  0x01090000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00F55000 \SystemRoot\system32\drivers\pci.sys
  0x0109D000 \SystemRoot\System32\drivers\partmgr.sys
  0x011E9000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x011F2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00F88000 \SystemRoot\system32\drivers\volmgr.sys
  0x00F9D000 \SystemRoot\System32\drivers\volmgrx.sys
  0x010B2000 \SystemRoot\system32\drivers\pciide.sys
  0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00E2A000 \SystemRoot\system32\drivers\vmbus.sys
  0x00E66000 \SystemRoot\system32\drivers\winhv.sys
  0x00E7A000 \SystemRoot\system32\drivers\atapi.sys
  0x00DBE000 \SystemRoot\system32\drivers\ataport.SYS
  0x00E83000 \SystemRoot\system32\drivers\amdxata.sys
  0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
  0x00E8E000 \SystemRoot\system32\drivers\fileinfo.sys
  0x00C4C000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x0125B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0140D000 \SystemRoot\System32\Drivers\msrpc.sys
  0x0146B000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01486000 \SystemRoot\System32\Drivers\cng.sys
  0x014F8000 \SystemRoot\System32\drivers\pcw.sys
  0x01509000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0167E000 \SystemRoot\system32\drivers\ndis.sys
  0x01771000 \SystemRoot\system32\drivers\NETIO.SYS
  0x017D1000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x018E8000 \SystemRoot\System32\drivers\tcpip.sys
  0x01AEC000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01513000 \SystemRoot\system32\DRIVERS\timntr.sys
  0x01B36000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x01B46000 \SystemRoot\system32\drivers\volsnap.sys
  0x01C7C000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
  0x01DE8000 \SystemRoot\System32\Drivers\spldr.sys
  0x01DF0000 \SystemRoot\SysWOW64\speedfan.sys
  0x01C00000 \SystemRoot\system32\DRIVERS\snapman.sys
  0x01C40000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01B92000 \SystemRoot\System32\Drivers\mup.sys
  0x01DF7000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01BA4000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01BDE000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01866000 \SystemRoot\system32\drivers\cdrom.sys
  0x01890000 \SystemRoot\System32\Drivers\Null.SYS
  0x01899000 \SystemRoot\System32\Drivers\Beep.SYS
  0x018A0000 \SystemRoot\System32\drivers\vga.sys
  0x018AE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x018D3000 \SystemRoot\System32\drivers\watchdog.sys
  0x01BF4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01600000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01609000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01612000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x0161D000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x0162E000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x01650000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03081000 \SystemRoot\system32\drivers\afd.sys
  0x0310A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x0314F000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x0315A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03163000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03189000 \SystemRoot\system32\DRIVERS\nm3.sys
  0x03198000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x031A7000 \SystemRoot\system32\DRIVERS\serial.sys
  0x031C4000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03000000 \SystemRoot\System32\drivers\truecrypt.sys
  0x03041000 \SystemRoot\system32\drivers\termdd.sys
  0x03055000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
  0x0305F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
  0x01200000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03069000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03075000 \SystemRoot\system32\drivers\mssmbios.sys
  0x031DF000 \SystemRoot\System32\drivers\discache.sys
  0x03A21000 \SystemRoot\system32\drivers\csc.sys
  0x03AA4000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03AC2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x03AD3000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x03AF5000 \SystemRoot\SysWow64\drivers\AsIO.sys
  0x03AFB000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x03B21000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x03B36000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x04C81000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x054B8000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x055AC000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04C00000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x04C24000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x03B83000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x04C2F000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04C40000 \SystemRoot\system32\DRIVERS\parport.sys
  0x04C5D000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x04C65000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x05635000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x05667000 \SystemRoot\System32\Drivers\ax95oqpy.SYS
  0x056AC000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x056B5000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x056C5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x056DB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x056FF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0570B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0573A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x05755000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x05776000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x05790000 \SystemRoot\system32\DRIVERS\teamviewervpn.sys
  0x0579D000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x057A8000 \SystemRoot\system32\drivers\kbdclass.sys
  0x057B7000 \SystemRoot\system32\drivers\mouclass.sys
  0x057C6000 \SystemRoot\system32\drivers\swenum.sys
  0x05A02000 \SystemRoot\system32\drivers\ks.sys
  0x05A45000 \SystemRoot\system32\DRIVERS\amdiox64.sys
  0x05A59000 \SystemRoot\system32\drivers\umbus.sys
  0x05A6B000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
  0x05A73000 \SystemRoot\system32\DRIVERS\VMNET.SYS
  0x05A7D000 \SystemRoot\system32\drivers\usbhub.sys
  0x05AD7000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05AEC000 \SystemRoot\system32\drivers\AtihdW76.sys
  0x05B0C000 \SystemRoot\system32\drivers\portcls.sys
  0x05B49000 \SystemRoot\system32\drivers\drmk.sys
  0x05B6B000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05B71000 \SystemRoot\system32\drivers\HdAudio.sys
  0x05BCD000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x05BDB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x05BE7000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x057C8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x00020000 \SystemRoot\System32\win32k.sys
  0x05BF0000 \SystemRoot\System32\drivers\Dxapi.sys
  0x057DB000 \SystemRoot\system32\drivers\usbccgp.sys
  0x05BFC000 \SystemRoot\system32\drivers\USBD.SYS
  0x05600000 \SystemRoot\system32\drivers\hidusb.sys
  0x0560E000 \SystemRoot\system32\drivers\HIDCLASS.SYS
  0x05627000 \SystemRoot\system32\drivers\HIDPARSE.SYS
  0x04C71000 \SystemRoot\system32\drivers\kbdhid.sys
  0x055F2000 \??\C:\Windows\system32\drivers\VMkbd.sys
  0x03E5E000 \SystemRoot\system32\DRIVERS\emOEM64.sys
  0x03EF5000 \SystemRoot\system32\DRIVERS\emBDA64.sys
  0x03F94000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
  0x03F98000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x03FA6000 \SystemRoot\system32\DRIVERS\dc3d.sys
  0x03FB8000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x03E00000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x03E2E000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
  0x03E3A000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x03E47000 \SystemRoot\system32\DRIVERS\point64.sys
  0x00510000 \SystemRoot\System32\TSDDD.dll
  0x00650000 \SystemRoot\System32\cdd.dll
  0x00960000 \SystemRoot\System32\ATMFD.DLL
  0x03FD3000 \SystemRoot\system32\drivers\luafv.sys
  0x03BD9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x03A00000 \SystemRoot\system32\drivers\WudfPf.sys
  0x031EE000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
  0x01830000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x01845000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x078D9000 \SystemRoot\system32\drivers\HTTP.sys
  0x079A2000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x079C0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x07800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x0782D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0787A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x0789E000 \??\C:\Windows\system32\drivers\hcmon.sys
  0x078AA000 \??\C:\Windows\system32\drivers\vmci.sys
  0x078C2000 \??\C:\Windows\system32\drivers\VMparport.sys
  0x07CA8000 \??\C:\Windows\system32\drivers\vmx86.sys
  0x07D7E000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x07DCD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x07C00000 \SystemRoot\system32\drivers\peauth.sys
  0x07DDA000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x080E3000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x08114000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x08197000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
  0x081A1000 \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
  0x08000000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0867C000 \SystemRoot\System32\DRIVERS\srv.sys
  0x08715000 \SystemRoot\system32\drivers\klmd.sys
  0x770E0000 \Windows\System32\ntdll.dll
  0x47C90000 \Windows\System32\smss.exe
  0xFF400000 \Windows\System32\apisetschema.dll
  0xFF620000 \Windows\System32\autochk.exe
  0x76ED0000 \Windows\System32\iertutil.dll
  0xFF370000 \Windows\System32\shlwapi.dll
  0xFF290000 \Windows\System32\advapi32.dll
  0xFF230000 \Windows\System32\Wldap32.dll
  0x76DB0000 \Windows\System32\kernel32.dll
  0xFF100000 \Windows\System32\rpcrt4.dll
  0xFF030000 \Windows\System32\usp10.dll
  0xFEE20000 \Windows\System32\ole32.dll
  0xFED10000 \Windows\System32\msctf.dll
  0x76C60000 \Windows\System32\urlmon.dll
  0xFECF0000 \Windows\System32\sechost.dll
  0xFECE0000 \Windows\System32\lpk.dll
  0xFEC00000 \Windows\System32\oleaut32.dll
  0x772B0000 \Windows\System32\psapi.dll
  0xFDE70000 \Windows\System32\shell32.dll
  0x76B60000 \Windows\System32\user32.dll
  0x76A00000 \Windows\System32\wininet.dll
  0x772A0000 \Windows\System32\normaliz.dll
  0xFDE20000 \Windows\System32\ws2_32.dll
  0xFDE00000 \Windows\System32\imagehlp.dll
  0xFDD60000 \Windows\System32\msvcrt.dll
  0xFDCC0000 \Windows\System32\comdlg32.dll
  0xFDC40000 \Windows\System32\difxapi.dll
  0xFDBD0000 \Windows\System32\gdi32.dll
  0xFDB30000 \Windows\System32\clbcatq.dll
  0xFD950000 \Windows\System32\setupapi.dll
  0xFD920000 \Windows\System32\imm32.dll
  0xFD910000 \Windows\System32\nsi.dll
  0xFD8A0000 \Windows\System32\KernelBase.dll
  0xFD860000 \Windows\System32\cfgmgr32.dll
  0xFD6F0000 \Windows\System32\crypt32.dll
  0xFD650000 \Windows\System32\comctl32.dll
  0xFD630000 \Windows\System32\devobj.dll
  0xFD5F0000 \Windows\System32\wintrust.dll
  0xFD5E0000 \Windows\System32\msasn1.dll

Processes (total 74):
      0 System Idle Process
      4 System
    492 C:\Windows\System32\smss.exe
    652 csrss.exe
    776 C:\Windows\System32\wininit.exe
    812 csrss.exe
    836 C:\Windows\System32\services.exe
    872 C:\Windows\System32\lsass.exe
    880 C:\Windows\System32\lsm.exe
    1004 C:\Windows\System32\svchost.exe
    584 C:\Windows\System32\winlogon.exe
    860 C:\Windows\System32\svchost.exe
    568 C:\Windows\System32\atiesrxx.exe
    1096 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\svchost.exe
    1508 C:\Windows\System32\atieclxx.exe
    1536 C:\Windows\System32\svchost.exe
    1704 C:\Windows\System32\spoolsv.exe
    1752 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1772 C:\Windows\System32\svchost.exe
    1904 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1924 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    1948 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    1988 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    2024 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1056 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    1448 C:\Windows\System32\svchost.exe
    1608 C:\Windows\SysWOW64\svchost.exe
    1968 C:\Windows\System32\svchost.exe
    2104 C:\Windows\System32\svchost.exe
    2180 C:\Windows\System32\svchost.exe
    2244 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    2256 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    2268 C:\Windows\System32\conhost.exe
    2296 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    2352 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    2408 C:\Windows\SysWOW64\vmnat.exe
    2444 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    2500 C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    2616 C:\Windows\SysWOW64\vmnetdhcp.exe
    2676 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
    2688 C:\Windows\System32\svchost.exe
    3580 C:\Windows\System32\taskhost.exe
    3664 C:\Windows\System32\dwm.exe
    3732 C:\Windows\explorer.exe
    4052 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    4072 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3348 C:\Program Files (x86)\RocketDock\RocketDock.exe
    3620 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    3720 C:\Program Files (x86)\SpeedFan\speedfan.exe
    3832 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3888 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    3856 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    1232 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    4128 C:\Windows\System32\SearchIndexer.exe
    4404 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2868 C:\Windows\System32\svchost.exe
    4484 C:\Windows\System32\svchost.exe
    5036 C:\Windows\System32\wuauclt.exe
    3060 C:\Program Files\Internet Explorer\iexplore.exe
    1204 C:\Program Files\Internet Explorer\iexplore.exe
    3120 C:\Users\Admin\Desktop\TDSSKiller.exe
    4628 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4332 C:\Windows\System32\taskmgr.exe
    4020 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    4756 C:\Users\Admin\Desktop\slxftc4u.exe
    4728 C:\Windows\System32\SearchProtocolHost.exe
    2564 C:\Windows\System32\SearchFilterHost.exe
    2316 C:\Windows\System32\audiodg.exe
    4048 C:\Users\Admin\Desktop\MBRCheck.exe
    3884 C:\Windows\System32\conhost.exe
    3040 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00  (NTFS)
\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000  (NTFS)
\\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000  (NTFS)

PhysicalDrive0 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
PhysicalDrive1 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
PhysicalDrive4 Model Number: SAMSUNGHD103SI, Rev:
PhysicalDrive2 Model Number: WDCWD800JD-55JRC0, Rev: 05.01C05
PhysicalDrive3 Model Number: WDCWD800JD-55MUA1, Rev: 10.01E01

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    465 GB  \\.\PhysicalDrive1  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive4  MBR Code Faked!
            SHA1: E66945E656D4F829BDDDB4C521A9380F69735967
    74 GB  \\.\PhysicalDrive2  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    74 GB  \\.\PhysicalDrive3  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


GMER:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-24 19:12:56
Windows 6.1.7601 Service Pack 1
Running: slxftc4u.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x51 0x40 0xB8 0xDB ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xA3 0xD6 0xB6 0x72 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xB9 0x1A 0xD8 0xED ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x51 0x40 0xB8 0xDB ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xA3 0xD6 0xB6 0x72 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xB9 0x1A 0xD8 0xED ...

---- EOF - GMER 1.0.15 ----


cosinus 24.03.2011 19:27

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

journeyman 24.03.2011 22:59

SUPERAntiSpyware:
Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 03/24/2011 bei 09:43 PM

Version der Applikation : 4.50.1002

Version der Kern-Datenbank : 6669
Version der Spur-Datenbank : 4481

Scan Art      : kompletter Scann
Totale Scann-Zeit : 02:07:16

Gescannte Speicherelemente  : 623
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 14786
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 268163
Erfasste Datei-Elemente  : 0


Malwarebytes:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6158

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

24.03.2011 20:36:16
mbam-log-2011-03-24 (20-36-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 432023
Laufzeit: 47 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


journeyman 24.03.2011 23:13

A short interim status.
After starting the last two scans I closed two iexplore.exe tasks in the Task Manager one last time. Since then no new one has opened.
That was about 2 1/2 hours ago. I'll restart the computer and then let it keep running. Let's see how it looks tomorrow.
:dankeschoen: for now, and good night

cosinus 24.03.2011 23:17

Nothing was found and the system seems to be completely intact again :daumenhoc

journeyman 25.03.2011 10:27

The problem seems to be fixed. iexplore.exe is no longer being started in the background. What was the cause?

Many thanks in any case for the help :daumenhoc :dankeschoen:
And have a nice weekend

cosinus 25.03.2011 13:13

Then we're done! :abklatsch:

Finally, please check the updates; my guide on that is below.
For even more security, after the removed infection you should also change all passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update instructions



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

journeyman 25.03.2011 17:24

Everything updated and changed ...:Boogie:

Thanks again:abklatsch:



Copyright ©2000-2025, Trojaner-Board

