Trojaner-Board - BDS/Sinowal.bogyo gefunden, was nun???

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - BDS/Sinowal.bogyo gefunden, was nun??? (https://www.trojaner-board.de/106931-bds-sinowal-bogyo-gefunden.html)

BDS/Sinowal.bogyo gefunden, was nun???

Habe auf meinem PC zwei BDS gefunden und würde gerne wissen was ich nun machen muss, bzw. wie viel Schaden dieser anrichten kann?

Hier meine Log Daten des Scans:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 26. Dezember 2011 18:57

Es wird nach 2970283 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : JONNY-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 03.07.2011 20:42:26
AVSCAN.DLL : 10.0.5.0 57192 Bytes 03.07.2011 20:42:25
LUKE.DLL : 10.3.0.5 45416 Bytes 03.07.2011 20:42:27
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 03.07.2011 20:42:28
AVREG.DLL : 10.3.0.9 88833 Bytes 22.07.2011 10:52:08
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:40:47
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:46:11
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 17:46:12
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 17:46:13
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 17:46:13
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 17:46:13
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 17:46:13
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 17:46:13
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 17:46:13
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 17:46:13
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 17:46:13
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 17:46:14
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 17:46:22
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 17:46:26
VBASE015.VDF : 7.11.20.0 2048 Bytes 24.12.2011 17:46:27
VBASE016.VDF : 7.11.20.1 2048 Bytes 24.12.2011 17:46:27
VBASE017.VDF : 7.11.20.2 2048 Bytes 24.12.2011 17:46:27
VBASE018.VDF : 7.11.20.3 2048 Bytes 24.12.2011 17:46:27
VBASE019.VDF : 7.11.20.4 2048 Bytes 24.12.2011 17:46:28
VBASE020.VDF : 7.11.20.5 2048 Bytes 24.12.2011 17:46:28
VBASE021.VDF : 7.11.20.6 2048 Bytes 24.12.2011 17:46:29
VBASE022.VDF : 7.11.20.7 2048 Bytes 24.12.2011 17:46:29
VBASE023.VDF : 7.11.20.8 2048 Bytes 24.12.2011 17:46:29
VBASE024.VDF : 7.11.20.9 2048 Bytes 24.12.2011 17:46:29
VBASE025.VDF : 7.11.20.10 2048 Bytes 24.12.2011 17:46:30
VBASE026.VDF : 7.11.20.11 2048 Bytes 24.12.2011 17:46:30
VBASE027.VDF : 7.11.20.12 2048 Bytes 24.12.2011 17:46:30
VBASE028.VDF : 7.11.20.13 2048 Bytes 24.12.2011 17:46:30
VBASE029.VDF : 7.11.20.14 2048 Bytes 24.12.2011 17:46:30
VBASE030.VDF : 7.11.20.15 2048 Bytes 24.12.2011 17:46:30
VBASE031.VDF : 7.11.20.18 81920 Bytes 25.12.2011 17:46:33
Engineversion : 8.2.8.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 15:57:49
AESCRIPT.DLL : 8.1.3.92 495996 Bytes 26.12.2011 17:48:31
AESCN.DLL : 8.1.7.2 127349 Bytes 24.11.2010 20:28:57
AESBX.DLL : 8.2.4.5 434549 Bytes 05.12.2011 10:11:53
AERDL.DLL : 8.1.9.15 639348 Bytes 12.09.2011 11:15:14
AEPACK.DLL : 8.2.15.1 770423 Bytes 26.12.2011 17:48:26
AEOFFICE.DLL : 8.1.2.24 201084 Bytes 26.12.2011 17:48:06
AEHEUR.DLL : 8.1.3.8 4231543 Bytes 26.12.2011 17:48:01
AEHELP.DLL : 8.1.18.0 254327 Bytes 26.10.2011 15:57:45
AEGEN.DLL : 8.1.5.17 405877 Bytes 10.12.2011 22:32:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 24.11.2010 20:28:54
AECORE.DLL : 8.1.24.2 201080 Bytes 26.12.2011 17:46:45
AEBB.DLL : 8.1.1.0 53618 Bytes 02.08.2010 15:09:25
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:33
AVPREF.DLL : 10.0.3.2 44904 Bytes 03.07.2011 20:42:25
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 10:21:30
AVARKT.DLL : 10.0.26.1 255336 Bytes 03.07.2011 20:42:25
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 03.07.2011 20:42:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:33
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 03.07.2011 20:42:23
RCTEXT.DLL : 10.0.64.0 98664 Bytes 03.07.2011 20:42:23

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 26. Dezember 2011 18:57

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskhost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyService.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'CapsHook.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'SuperHybridEngine.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynAsusAcpi.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotKeyMon.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '167' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\explorer.exe>
[HINWEIS] Prozess 'explorer.exe' wurde beendet
Modul ist infiziert -> <C:\ProgramData\Windows\wsse.dll>
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Sinowal.bogyo
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a4219f1.qua' verschoben!
Durchsuche Prozess 'Dwm.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsusService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Bene\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\61a36b2c-27c0f68d
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Sinowal.bogyo
Beginne mit der Suche in 'D:\'

Beginne mit der Desinfektion:
C:\Users\Bene\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\61a36b2c-27c0f68d
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Sinowal.bogyo
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52e740ac.qua' verschoben!

Ende des Suchlaufs: Montag, 26. Dezember 2011 20:35
Benötigte Zeit: 1:38:49 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

21830 Verzeichnisse wurden überprüft
391480 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
391478 Dateien ohne Befall
6251 Archive wurden durchsucht
0 Warnungen
3 Hinweise
467710 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122605

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27.12.2011 00:12:22
mbam-log-2011-12-27 (00-12-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 272010
Laufzeit: 1 Stunde(n), 44 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=55e286cb96bd904b82040341bb169ab6

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-27 12:22:03

# local_time=2011-12-27 01:22:03 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775165 100 94 4138 61475552 0 0

# compatibility_mode=5893 16776573 100 94 3966 76573522 0 0

# compatibility_mode=8192 67108863 100 0 3781 3781 0 0

# scanned=39399

# found=0

# cleaned=0

# scan_time=2992

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=55e286cb96bd904b82040341bb169ab6

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-27 12:22:58

# local_time=2011-12-27 01:22:58 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775165 100 94 46721 61518135 59557 0

# compatibility_mode=5893 16776573 100 94 46549 76616105 0 0

# compatibility_mode=8192 67108863 100 0 46364 46364 0 0

# scanned=44397

# found=0

# cleaned=0

# scan_time=3664

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=55e286cb96bd904b82040341bb169ab6

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-27 10:46:01

# local_time=2011-12-27 11:46:01 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775165 100 94 78948 61550362 91784 0

# compatibility_mode=5893 16776573 100 94 78776 76648332 0 0

# compatibility_mode=8192 67108863 100 0 78591 78591 0 0

# scanned=110277

# found=0

# cleaned=0

# scan_time=8821

Sorry, hatte heut nich eher zeit den scan durchlaufen zu lassen.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

So hier der OTL log

Code:

OTL logfile created on: 12/28/2011 2:02:34 PM - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bene\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014.18 Mb Total Physical Memory | 340.61 Mb Available Physical Memory | 33.58% Memory free

1.99 Gb Paging File | 1.08 Gb Available in Paging File | 54.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 100.00 Gb Total Space | 68.09 Gb Free Space | 68.09% Space Free | Partition Type: NTFS

Drive D: | 117.87 Gb Total Space | 97.94 Gb Free Space | 83.09% Space Free | Partition Type: NTFS

 

Computer Name: JONNY-PC | User Name: Bene | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011/12/28 14:00:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/03 21:42:26 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

PRC - [2011/07/03 21:42:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/05/04 21:21:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/08/02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/06/09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe

PRC - [2010/06/04 03:40:30 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe

PRC - [2010/05/29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe

PRC - [2010/04/13 03:37:47 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009/09/11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe

PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe

PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/10/13 11:21:14 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll

MOD - [2011/10/13 11:20:23 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll

MOD - [2011/10/13 11:14:11 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll

MOD - [2011/10/13 11:14:09 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll

MOD - [2011/10/13 11:14:08 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll

MOD - [2011/10/13 11:12:41 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/10/13 11:12:15 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/10/13 11:11:07 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/10/13 11:10:53 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/10/13 11:10:49 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/10/13 11:10:20 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

MOD - [2010/11/19 12:47:52 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.21078__0d0f4b69e50e559b\SqliteShared.dll

MOD - [2010/11/19 12:47:44 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

MOD - [2010/11/13 00:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/09/01 04:51:14 | 000,124,240 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\2256~1.108\ASUSWS~1.DLL

MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009/01/18 23:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\adobexmp.dll

MOD - [2007/11/17 00:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll

MOD - [2007/11/17 00:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/03 21:42:26 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011/07/03 21:42:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/05/04 21:21:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)

SRV - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/03 21:42:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/03 21:42:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/12/19 15:25:36 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/06/21 15:31:18 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/04/13 03:39:17 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)

DRV - [2010/04/13 03:36:46 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)

DRV - [2010/04/13 03:36:12 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)

DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "www.web.de"

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 3

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100008

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bene\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/04/24 12:27:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/19 14:35:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 18:09:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 18:09:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/19 14:35:44 | 000,000,000 | ---D | M]

 

[2010/11/10 17:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\Extensions

[2011/11/11 13:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\cjzw9ml3.default\extensions

[2010/11/23 20:28:04 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\cjzw9ml3.default\extensions\firefox@tvunetworks.com

[2011/12/15 14:56:22 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\cjzw9ml3.default\extensions\toolbar@ask.com

[2011/11/11 18:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/11/05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/11/05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/11/05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011/11/05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011/11/05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/11/05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files\PC Beschleunigen\PCSpeedUp.lnk ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7F63C76-5CE3-4005-AE2F-5722E559670D}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico - ()

MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)

MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})

MsConfig - StartUpReg: ASUS WebStorage - hkey= - key= -  File not found

MsConfig - StartUpReg: ASUSPRP - hkey= - key= - C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)

MsConfig - StartUpReg: ASUSWebStorage - hkey= - key= - C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\ASUSWSDashBoard.exe (eCareme)

MsConfig - StartUpReg: Boingo Wi-Fi - hkey= - key= - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()

MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)

MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

MsConfig - StartUpReg: LiveUpdate - hkey= - key= -  File not found

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011/12/28 14:00:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe

[2011/12/27 00:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/12/26 22:20:47 | 000,000,000 | ---D | C] -- C:\Users\Bene\AppData\Roaming\Malwarebytes

[2011/12/26 22:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/26 22:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/12/26 22:20:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2011/12/26 22:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/12/26 20:36:34 | 000,000,000 | ---D | C] -- C:\ASUS WebStorage

[2011/12/10 16:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows

[2011/12/08 17:19:24 | 000,000,000 | ---D | C] -- C:\Users\Bene\Documents\Zeugnisse

[2010/04/13 03:36:12 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

 
 ========== Files - Modified Within 30 Days ==========

 

[2011/12/28 14:05:05 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/28 14:05:05 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/28 14:00:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe

[2011/12/28 13:57:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2011/12/28 13:56:50 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/26 18:40:26 | 000,007,609 | ---- | M] () -- C:\Users\Bene\AppData\Local\Resmon.ResmonCfg

[2011/12/14 21:33:35 | 000,407,976 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2011/12/12 13:38:13 | 002,392,414 | ---- | M] () -- C:\Users\Bene\Desktop\LED Manual.pdf

[2011/12/09 12:16:04 | 000,266,111 | ---- | M] () -- C:\Users\Bene\Desktop\american dj.pdf

[2011/12/08 18:22:00 | 002,998,595 | ---- | M] () -- C:\Users\Bene\Desktop\Bewerbung komplett.pdf

[2011/12/08 17:21:10 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2011/12/08 17:21:10 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2011/12/08 17:21:10 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2011/12/08 17:21:10 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2011/11/30 15:27:08 | 000,118,319 | ---- | M] () -- C:\Users\Bene\Desktop\sylvesta.jpg

 
 ========== Files Created - No Company Name ==========

 

[2011/12/12 13:38:13 | 002,392,414 | ---- | C] () -- C:\Users\Bene\Desktop\LED Manual.pdf

[2011/12/09 12:16:04 | 000,266,111 | ---- | C] () -- C:\Users\Bene\Desktop\american dj.pdf

[2011/12/08 18:21:47 | 002,998,595 | ---- | C] () -- C:\Users\Bene\Desktop\Bewerbung komplett.pdf

[2011/11/30 15:26:57 | 000,118,319 | ---- | C] () -- C:\Users\Bene\Desktop\sylvesta.jpg

[2011/10/19 14:27:39 | 000,180,925 | ---- | C] () -- C:\windows\hpoins29.dat

[2011/10/19 14:27:39 | 000,000,457 | ---- | C] () -- C:\windows\hpomdl29.dat

[2011/10/04 11:59:08 | 000,007,609 | ---- | C] () -- C:\Users\Bene\AppData\Local\Resmon.ResmonCfg

[2010/11/10 16:50:18 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini

[2010/11/10 16:48:56 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

[2010/11/10 16:33:17 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat

[2010/11/10 16:33:17 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat

[2010/06/24 17:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe

[2010/06/24 17:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe

[2010/06/24 17:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini

[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/06/24 17:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys

[2010/06/24 17:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat

[2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\windows\System32\vpnapi.dll

[2009/07/26 02:28:45 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2009/07/26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2009/07/26 02:28:45 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2009/07/26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 05:33:53 | 000,407,976 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 01:55:09 | 001,332,736 | ---- | C] () -- C:\windows\System32\hpotiop1.dll

[2009/07/14 01:55:09 | 000,587,776 | ---- | C] () -- C:\windows\System32\hpotscl1.dll

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2009/02/26 07:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config

 
 ========== LOP Check ==========

 

[2010/11/22 08:59:09 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\ASUS WebStorage

[2011/03/21 13:29:57 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Awem

[2010/12/18 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1

[2010/12/19 15:16:04 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\DAEMON Tools Lite

[2010/11/10 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\E-Cam

[2011/11/26 14:51:19 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\ICQ

[2011/08/18 14:48:49 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\OpenCandy

[2011/04/24 12:37:02 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Swiss Academic Software

[2010/12/20 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Unity

[2011/07/15 15:22:31 | 000,032,764 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010/06/24 17:55:21 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Adobe

[2010/11/22 08:59:09 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\ASUS WebStorage

[2010/11/10 17:52:53 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Avira

[2011/03/21 13:29:57 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Awem

[2010/12/18 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1

[2010/12/19 15:16:04 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\DAEMON Tools Lite

[2010/11/10 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\E-Cam

[2011/10/19 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\HP

[2011/11/26 14:51:19 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\ICQ

[2009/07/14 05:54:12 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Identities

[2010/06/24 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\InstallShield

[2010/06/24 17:08:17 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Macromedia

[2011/12/26 22:20:47 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Malwarebytes

[2011/06/29 12:32:13 | 000,000,000 | --SD | M] -- C:\Users\Bene\AppData\Roaming\Microsoft

[2010/11/10 17:29:14 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Mozilla

[2011/08/18 14:48:49 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\OpenCandy

[2010/11/14 15:09:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Skype

[2011/04/24 12:37:02 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Swiss Academic Software

[2010/12/20 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Unity

[2011/08/18 15:05:44 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Winamp

[2011/05/02 17:30:57 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010/06/24 17:08:16 | 000,038,784 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011/11/25 11:29:16 | 003,654,824 | ---- | M] (Ask) -- C:\Users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\cjzw9ml3.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe

[2011/08/18 14:48:54 | 000,416,160 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\OpenCandy\OpenCandy_462699EB23DD49769E57C6617393179D\LatestDLMgr.exe

[2011/08/01 23:38:30 | 001,872,896 | ---- | M] (Speedchecker Limited                                        ) -- C:\Users\Bene\AppData\Roaming\OpenCandy\OpenCandy_462699EB23DD49769E57C6617393179D\pcspeedup.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/12/19 15:25:36 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8FC027DE

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8FC027DE

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

ADS C:\ProgramData\TEMP:8FC027DE deleted successfully.

ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Bene

->Temp folder emptied: 1063168809 bytes

->Temporary Internet Files folder emptied: 66508638 bytes

->Java cache emptied: 5721212 bytes

->FireFox cache emptied: 346052170 bytes

->Flash cache emptied: 1308718 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 321 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: TEMP

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 48604846 bytes

RecycleBin emptied: 17744688 bytes

 

Total Files Cleaned = 1,477.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_014815
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Bene\AppData\Local\Temp\2011-08-09-1170011154_04-RG.PDF  not found!

File\Folder C:\Users\Bene\AppData\Local\Temp\2011-09-12-1180753617_04-RG.PDF  not found!

C:\windows\temp\HS.log moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

13:35:59.0270 4052        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

13:35:59.0597 4052        ============================================================

13:35:59.0597 4052        Current date / time: 2011/12/29 13:35:59.0597

13:35:59.0597 4052        SystemInfo:

13:35:59.0597 4052        

13:35:59.0598 4052        OS Version: 6.1.7601 ServicePack: 1.0

13:35:59.0598 4052        Product type: Workstation

13:35:59.0599 4052        ComputerName: JONNY-PC

13:35:59.0599 4052        UserName: Bene

13:35:59.0600 4052        Windows directory: C:\windows

13:35:59.0600 4052        System windows directory: C:\windows

13:35:59.0600 4052        Processor architecture: Intel x86

13:35:59.0600 4052        Number of processors: 2

13:35:59.0600 4052        Page size: 0x1000

13:35:59.0600 4052        Boot type: Normal boot

13:35:59.0600 4052        ============================================================

13:36:01.0013 4052        Initialize success

13:36:31.0131 3432        ============================================================

13:36:31.0131 3432        Scan started

13:36:31.0131 3432        Mode: Manual; SigCheck; TDLFS; 

13:36:31.0131 3432        ============================================================

13:36:32.0800 3432        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

13:36:33.0286 3432        1394ohci - ok

13:36:33.0407 3432        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

13:36:33.0482 3432        ACPI - ok

13:36:33.0555 3432        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

13:36:33.0749 3432        AcpiPmi - ok

13:36:33.0883 3432        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

13:36:33.0989 3432        adp94xx - ok

13:36:34.0117 3432        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

13:36:34.0209 3432        adpahci - ok

13:36:34.0340 3432        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

13:36:34.0415 3432        adpu320 - ok

13:36:34.0562 3432        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

13:36:34.0687 3432        AFD - ok

13:36:34.0801 3432        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

13:36:34.0881 3432        agp440 - ok

13:36:34.0993 3432        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

13:36:35.0123 3432        aic78xx - ok

13:36:35.0266 3432        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

13:36:35.0318 3432        aliide - ok

13:36:35.0471 3432        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

13:36:35.0567 3432        amdagp - ok

13:36:35.0708 3432        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

13:36:35.0793 3432        amdide - ok

13:36:35.0910 3432        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

13:36:36.0087 3432        AmdK8 - ok

13:36:36.0198 3432        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

13:36:36.0293 3432        AmdPPM - ok

13:36:36.0410 3432        amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

13:36:36.0501 3432        amdsata - ok

13:36:36.0621 3432        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

13:36:36.0721 3432        amdsbs - ok

13:36:36.0829 3432        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

13:36:36.0899 3432        amdxata - ok

13:36:37.0076 3432        AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

13:36:37.0298 3432        AppID - ok

13:36:37.0439 3432        arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

13:36:37.0517 3432        arc - ok

13:36:37.0575 3432        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

13:36:37.0640 3432        arcsas - ok

13:36:37.0747 3432        AsUpIO          (561d6b76c045311691b870f6b3f19eab) C:\windows\system32\drivers\AsUpIO.sys

13:36:37.0959 3432        AsUpIO - ok

13:36:38.0089 3432        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

13:36:38.0373 3432        AsyncMac - ok

13:36:38.0499 3432        atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

13:36:38.0575 3432        atapi - ok

13:36:38.0703 3432        athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys

13:36:39.0000 3432        athr - ok

13:36:39.0143 3432        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys

13:36:39.0232 3432        avgntflt - ok

13:36:39.0265 3432        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys

13:36:39.0346 3432        avipbb - ok

13:36:39.0486 3432        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

13:36:39.0627 3432        b06bdrv - ok

13:36:39.0743 3432        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

13:36:39.0873 3432        b57nd60x - ok

13:36:40.0003 3432        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

13:36:40.0198 3432        Beep - ok

13:36:40.0323 3432        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

13:36:40.0418 3432        blbdrive - ok

13:36:40.0540 3432        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

13:36:40.0656 3432        bowser - ok

13:36:40.0755 3432        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

13:36:40.0889 3432        BrFiltLo - ok

13:36:41.0008 3432        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

13:36:41.0134 3432        BrFiltUp - ok

13:36:41.0274 3432        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

13:36:41.0393 3432        Brserid - ok

13:36:41.0503 3432        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

13:36:41.0579 3432        BrSerWdm - ok

13:36:41.0598 3432        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

13:36:41.0707 3432        BrUsbMdm - ok

13:36:41.0811 3432        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

13:36:41.0899 3432        BrUsbSer - ok

13:36:42.0029 3432        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

13:36:42.0208 3432        BthEnum - ok

13:36:42.0320 3432        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

13:36:42.0410 3432        BTHMODEM - ok

13:36:42.0532 3432        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

13:36:42.0675 3432        BthPan - ok

13:36:42.0804 3432        BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys

13:36:42.0973 3432        BTHPORT - ok

13:36:43.0100 3432        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys

13:36:43.0215 3432        BTHUSB - ok

13:36:43.0324 3432        btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys

13:36:43.0414 3432        btusbflt - ok

13:36:43.0528 3432        btwaudio - ok

13:36:43.0594 3432        btwavdt - ok

13:36:43.0676 3432        btwl2cap - ok

13:36:43.0765 3432        btwrchid - ok

13:36:43.0842 3432        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

13:36:44.0038 3432        cdfs - ok

13:36:44.0231 3432        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

13:36:44.0494 3432        cdrom - ok

13:36:44.0693 3432        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

13:36:44.0861 3432        circlass - ok

13:36:45.0044 3432        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

13:36:45.0114 3432        CLFS - ok

13:36:45.0379 3432        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

13:36:45.0489 3432        CmBatt - ok

13:36:45.0602 3432        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

13:36:45.0676 3432        cmdide - ok

13:36:45.0745 3432        CNG             (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys

13:36:45.0946 3432        CNG - ok

13:36:46.0058 3432        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

13:36:46.0127 3432        Compbatt - ok

13:36:46.0191 3432        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

13:36:46.0272 3432        CompositeBus - ok

13:36:46.0423 3432        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

13:36:46.0477 3432        crcdisk - ok

13:36:46.0633 3432        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys

13:36:46.0812 3432        CVirtA - ok

13:36:47.0459 3432        CVPNDRVA        (c23025ac5ae45a105d63bd6e2408edd4) C:\windows\system32\Drivers\CVPNDRVA.sys

13:36:47.0607 3432        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

13:36:47.0608 3432        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

13:36:47.0767 3432        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

13:36:47.0925 3432        DfsC - ok

13:36:48.0055 3432        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

13:36:48.0181 3432        discache - ok

13:36:48.0324 3432        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

13:36:48.0408 3432        Disk - ok

13:36:48.0467 3432        DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys

13:36:48.0511 3432        DNE - ok

13:36:48.0625 3432        Dot4            (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys

13:36:48.0825 3432        Dot4 - ok

13:36:49.0003 3432        Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\DRIVERS\Dot4Prt.sys

13:36:49.0155 3432        Dot4Print - ok

13:36:49.0275 3432        dot4usb         (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys

13:36:49.0381 3432        dot4usb - ok

13:36:49.0514 3432        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

13:36:49.0580 3432        drmkaud - ok

13:36:49.0642 3432        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

13:36:49.0858 3432        DXGKrnl - ok

13:36:50.0104 3432        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

13:36:50.0420 3432        ebdrv - ok

13:36:50.0557 3432        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

13:36:50.0663 3432        elxstor - ok

13:36:50.0702 3432        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

13:36:50.0793 3432        ErrDev - ok

13:36:50.0926 3432        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

13:36:51.0074 3432        exfat - ok

13:36:51.0111 3432        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

13:36:51.0411 3432        fastfat - ok

13:36:51.0655 3432        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

13:36:51.0762 3432        fdc - ok

13:36:52.0024 3432        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

13:36:52.0126 3432        FileInfo - ok

13:36:52.0304 3432        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

13:36:52.0497 3432        Filetrace - ok

13:36:52.0704 3432        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

13:36:52.0784 3432        flpydisk - ok

13:36:52.0900 3432        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

13:36:52.0985 3432        FltMgr - ok

13:36:53.0062 3432        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

13:36:53.0165 3432        FsDepends - ok

13:36:53.0365 3432        fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

13:36:53.0480 3432        fssfltr - ok

13:36:53.0653 3432        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

13:36:53.0731 3432        Fs_Rec - ok

13:36:53.0866 3432        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

13:36:53.0948 3432        fvevol - ok

13:36:54.0074 3432        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

13:36:54.0167 3432        gagp30kx - ok

13:36:54.0317 3432        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

13:36:54.0618 3432        hcw85cir - ok

13:36:54.0737 3432        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

13:36:54.0870 3432        HdAudAddService - ok

13:36:55.0002 3432        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

13:36:55.0095 3432        HDAudBus - ok

13:36:55.0141 3432        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

13:36:55.0236 3432        HidBatt - ok

13:36:55.0343 3432        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

13:36:55.0519 3432        HidBth - ok

13:36:55.0631 3432        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

13:36:55.0748 3432        HidIr - ok

13:36:55.0891 3432        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys

13:36:55.0997 3432        HidUsb - ok

13:36:56.0191 3432        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

13:36:56.0255 3432        HpSAMD - ok

13:36:56.0355 3432        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

13:36:56.0489 3432        HTTP - ok

13:36:56.0606 3432        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

13:36:56.0649 3432        hwpolicy - ok

13:36:56.0726 3432        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

13:36:56.0854 3432        i8042prt - ok

13:36:57.0024 3432        iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

13:36:57.0074 3432        iaStor - ok

13:36:57.0174 3432        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

13:36:57.0274 3432        iaStorV - ok

13:36:57.0575 3432        igfx            (ba41e1bba410212ce6d30e0dac47972b) C:\windows\system32\DRIVERS\igdkmd32.sys

13:36:57.0967 3432        igfx - ok

13:36:58.0073 3432        iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

13:36:58.0131 3432        iirsp - ok

13:36:58.0371 3432        IntcAzAudAddService (bf9866875edf86aae24dd8bd9418deff) C:\windows\system32\drivers\RTKVHDA.sys

13:36:58.0798 3432        IntcAzAudAddService - ok

13:36:58.0991 3432        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

13:36:59.0096 3432        intelide - ok

13:36:59.0273 3432        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

13:36:59.0446 3432        intelppm - ok

13:36:59.0587 3432        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

13:36:59.0750 3432        IpFilterDriver - ok

13:36:59.0876 3432        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

13:36:59.0987 3432        IPMIDRV - ok

13:37:00.0097 3432        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

13:37:00.0265 3432        IPNAT - ok

13:37:00.0419 3432        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

13:37:00.0660 3432        IRENUM - ok

13:37:00.0783 3432        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

13:37:00.0867 3432        isapnp - ok

13:37:00.0980 3432        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

13:37:01.0095 3432        iScsiPrt - ok

13:37:01.0155 3432        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys

13:37:01.0244 3432        kbdclass - ok

13:37:01.0510 3432        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys

13:37:01.0592 3432        kbdhid - ok

13:37:01.0736 3432        kbfiltr         (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys

13:37:01.0816 3432        kbfiltr - ok

13:37:01.0960 3432        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys

13:37:02.0083 3432        KSecDD - ok

13:37:02.0197 3432        KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys

13:37:02.0278 3432        KSecPkg - ok

13:37:02.0415 3432        L1C             (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys

13:37:02.0520 3432        L1C - ok

13:37:02.0682 3432        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

13:37:02.0824 3432        lltdio - ok

13:37:02.0977 3432        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

13:37:03.0067 3432        LSI_FC - ok

13:37:03.0187 3432        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

13:37:03.0276 3432        LSI_SAS - ok

13:37:03.0403 3432        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

13:37:03.0497 3432        LSI_SAS2 - ok

13:37:03.0628 3432        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

13:37:03.0717 3432        LSI_SCSI - ok

13:37:03.0842 3432        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

13:37:04.0032 3432        luafv - ok

13:37:04.0200 3432        MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\windows\system32\drivers\mbam.sys

13:37:04.0307 3432        MBAMProtector - ok

13:37:04.0571 3432        MBAMSwissArmy - ok

13:37:04.0660 3432        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

13:37:04.0765 3432        megasas - ok

13:37:04.0889 3432        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

13:37:04.0985 3432        MegaSR - ok

13:37:05.0108 3432        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

13:37:05.0272 3432        Modem - ok

13:37:05.0402 3432        monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

13:37:05.0514 3432        monitor - ok

13:37:05.0636 3432        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys

13:37:05.0717 3432        mouclass - ok

13:37:05.0835 3432        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

13:37:05.0946 3432        mouhid - ok

13:37:06.0067 3432        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

13:37:06.0123 3432        mountmgr - ok

13:37:06.0187 3432        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

13:37:06.0280 3432        mpio - ok

13:37:06.0384 3432        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

13:37:06.0555 3432        mpsdrv - ok

13:37:06.0685 3432        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

13:37:06.0840 3432        MRxDAV - ok

13:37:06.0967 3432        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

13:37:07.0091 3432        mrxsmb - ok

13:37:07.0223 3432        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

13:37:07.0414 3432        mrxsmb10 - ok

13:37:07.0525 3432        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

13:37:07.0615 3432        mrxsmb20 - ok

13:37:07.0698 3432        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

13:37:07.0762 3432        msahci - ok

13:37:07.0819 3432        msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

13:37:07.0910 3432        msdsm - ok

13:37:07.0993 3432        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

13:37:08.0136 3432        Msfs - ok

13:37:08.0242 3432        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

13:37:08.0386 3432        mshidkmdf - ok

13:37:08.0498 3432        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

13:37:08.0559 3432        msisadrv - ok

13:37:08.0703 3432        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

13:37:08.0844 3432        MSKSSRV - ok

13:37:08.0959 3432        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

13:37:09.0102 3432        MSPCLOCK - ok

13:37:09.0221 3432        MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

13:37:09.0398 3432        MSPQM - ok

13:37:09.0512 3432        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

13:37:09.0591 3432        MsRPC - ok

13:37:09.0646 3432        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

13:37:09.0698 3432        mssmbios - ok

13:37:09.0744 3432        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

13:37:09.0892 3432        MSTEE - ok

13:37:09.0997 3432        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

13:37:10.0073 3432        MTConfig - ok

13:37:10.0108 3432        Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

13:37:10.0191 3432        Mup - ok

13:37:10.0335 3432        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

13:37:10.0458 3432        NativeWifiP - ok

13:37:10.0615 3432        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

13:37:10.0725 3432        NDIS - ok

13:37:10.0846 3432        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

13:37:11.0015 3432        NdisCap - ok

13:37:11.0127 3432        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

13:37:11.0273 3432        NdisTapi - ok

13:37:11.0399 3432        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

13:37:11.0524 3432        Ndisuio - ok

13:37:11.0586 3432        NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

13:37:11.0766 3432        NdisWan - ok

13:37:11.0892 3432        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

13:37:12.0050 3432        NDProxy - ok

13:37:12.0197 3432        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

13:37:12.0364 3432        NetBIOS - ok

13:37:12.0485 3432        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

13:37:12.0627 3432        NetBT - ok

13:37:12.0806 3432        netr73          (76b1157ef850830c5ece61d3e591ca8b) C:\windows\system32\DRIVERS\netr73.sys

13:37:12.0962 3432        netr73 - ok

13:37:13.0100 3432        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

13:37:13.0166 3432        nfrd960 - ok

13:37:13.0224 3432        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

13:37:13.0381 3432        Npfs - ok

13:37:13.0492 3432        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

13:37:13.0628 3432        nsiproxy - ok

13:37:13.0725 3432        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

13:37:13.0959 3432        Ntfs - ok

13:37:14.0073 3432        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

13:37:14.0234 3432        Null - ok

13:37:14.0352 3432        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

13:37:14.0445 3432        nvraid - ok

13:37:14.0560 3432        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

13:37:14.0652 3432        nvstor - ok

13:37:14.0777 3432        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

13:37:14.0852 3432        nv_agp - ok

13:37:14.0987 3432        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

13:37:15.0081 3432        ohci1394 - ok

13:37:15.0243 3432        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

13:37:15.0328 3432        Parport - ok

13:37:15.0440 3432        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

13:37:15.0520 3432        partmgr - ok

13:37:15.0569 3432        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

13:37:15.0660 3432        Parvdm - ok

13:37:15.0796 3432        pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

13:37:15.0878 3432        pci - ok

13:37:15.0921 3432        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

13:37:15.0983 3432        pciide - ok

13:37:16.0035 3432        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

13:37:16.0119 3432        pcmcia - ok

13:37:16.0153 3432        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

13:37:16.0230 3432        pcw - ok

13:37:16.0282 3432        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

13:37:16.0511 3432        PEAUTH - ok

13:37:16.0794 3432        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

13:37:16.0944 3432        PptpMiniport - ok

13:37:17.0069 3432        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

13:37:17.0151 3432        Processor - ok

13:37:17.0310 3432        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

13:37:17.0470 3432        Psched - ok

13:37:17.0621 3432        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

13:37:17.0883 3432        ql2300 - ok

13:37:18.0001 3432        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

13:37:18.0077 3432        ql40xx - ok

13:37:18.0120 3432        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

13:37:18.0220 3432        QWAVEdrv - ok

13:37:18.0287 3432        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

13:37:18.0432 3432        RasAcd - ok

13:37:18.0546 3432        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

13:37:18.0673 3432        RasAgileVpn - ok

13:37:18.0722 3432        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

13:37:18.0887 3432        Rasl2tp - ok

13:37:19.0025 3432        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

13:37:19.0189 3432        RasPppoe - ok

13:37:19.0306 3432        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

13:37:19.0447 3432        RasSstp - ok

13:37:19.0511 3432        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

13:37:19.0690 3432        rdbss - ok

13:37:19.0808 3432        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

13:37:19.0901 3432        rdpbus - ok

13:37:19.0983 3432        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

13:37:20.0099 3432        RDPCDD - ok

13:37:20.0169 3432        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

13:37:20.0302 3432        RDPENCDD - ok

13:37:20.0408 3432        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

13:37:20.0527 3432        RDPREFMP - ok

13:37:20.0586 3432        RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys

13:37:20.0733 3432        RDPWD - ok

13:37:20.0864 3432        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

13:37:20.0967 3432        rdyboost - ok

13:37:21.0118 3432        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

13:37:21.0210 3432        RFCOMM - ok

13:37:21.0381 3432        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

13:37:21.0547 3432        rspndr - ok

13:37:21.0678 3432        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

13:37:21.0751 3432        sbp2port - ok

13:37:21.0812 3432        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

13:37:21.0937 3432        scfilter - ok

13:37:22.0035 3432        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

13:37:22.0180 3432        secdrv - ok

13:37:22.0327 3432        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

13:37:22.0403 3432        Serenum - ok

13:37:22.0528 3432        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

13:37:22.0637 3432        Serial - ok

13:37:22.0742 3432        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

13:37:22.0826 3432        sermouse - ok

13:37:22.0913 3432        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

13:37:23.0036 3432        sffdisk - ok

13:37:23.0154 3432        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

13:37:23.0244 3432        sffp_mmc - ok

13:37:23.0359 3432        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

13:37:23.0450 3432        sffp_sd - ok

13:37:23.0564 3432        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

13:37:23.0655 3432        sfloppy - ok

13:37:23.0811 3432        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

13:37:23.0905 3432        sisagp - ok

13:37:24.0073 3432        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

13:37:24.0152 3432        SiSRaid2 - ok

13:37:24.0300 3432        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

13:37:24.0386 3432        SiSRaid4 - ok

13:37:24.0513 3432        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

13:37:24.0683 3432        Smb - ok

13:37:24.0839 3432        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

13:37:24.0900 3432        spldr - ok

13:37:25.0125 3432        sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\windows\system32\Drivers\sptd.sys

13:37:25.0125 3432        Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e

13:37:25.0131 3432        sptd ( LockedFile.Multi.Generic ) - warning

13:37:25.0131 3432        sptd - detected LockedFile.Multi.Generic (1)

13:37:25.0190 3432        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

13:37:25.0346 3432        srv - ok

13:37:25.0464 3432        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

13:37:25.0582 3432        srv2 - ok

13:37:25.0655 3432        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

13:37:25.0767 3432        srvnet - ok

13:37:25.0927 3432        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys

13:37:25.0988 3432        ssmdrv - ok

13:37:26.0149 3432        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

13:37:26.0239 3432        stexstor - ok

13:37:26.0380 3432        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

13:37:26.0450 3432        swenum - ok

13:37:26.0605 3432        SynTP           (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys

13:37:26.0699 3432        SynTP - ok

13:37:26.0900 3432        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

13:37:27.0144 3432        Tcpip - ok

13:37:27.0307 3432        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

13:37:27.0429 3432        TCPIP6 - ok

13:37:27.0500 3432        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

13:37:27.0647 3432        tcpipreg - ok

13:37:27.0781 3432        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

13:37:27.0924 3432        TDPIPE - ok

13:37:28.0045 3432        TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys

13:37:28.0198 3432        TDTCP - ok

13:37:28.0318 3432        tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

13:37:28.0457 3432        tdx - ok

13:37:28.0504 3432        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

13:37:28.0576 3432        TermDD - ok

13:37:28.0786 3432        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

13:37:28.0919 3432        tssecsrv - ok

13:37:29.0050 3432        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

13:37:29.0172 3432        TsUsbFlt - ok

13:37:29.0318 3432        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

13:37:29.0487 3432        tunnel - ok

13:37:29.0550 3432        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

13:37:29.0626 3432        uagp35 - ok

13:37:29.0706 3432        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

13:37:29.0850 3432        udfs - ok

13:37:30.0012 3432        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

13:37:30.0086 3432        uliagpkx - ok

13:37:30.0217 3432        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

13:37:30.0329 3432        umbus - ok

13:37:30.0449 3432        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

13:37:30.0537 3432        UmPass - ok

13:37:30.0666 3432        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

13:37:30.0781 3432        usbccgp - ok

13:37:30.0899 3432        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

13:37:31.0017 3432        usbcir - ok

13:37:31.0125 3432        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

13:37:31.0220 3432        usbehci - ok

13:37:31.0355 3432        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

13:37:31.0469 3432        usbhub - ok

13:37:31.0571 3432        usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

13:37:31.0650 3432        usbohci - ok

13:37:31.0705 3432        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

13:37:31.0796 3432        usbprint - ok

13:37:31.0909 3432        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

13:37:32.0018 3432        usbscan - ok

13:37:32.0135 3432        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

13:37:32.0236 3432        USBSTOR - ok

13:37:32.0350 3432        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

13:37:32.0426 3432        usbuhci - ok

13:37:32.0559 3432        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

13:37:32.0656 3432        usbvideo - ok

13:37:32.0811 3432        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

13:37:32.0884 3432        vdrvroot - ok

13:37:32.0948 3432        vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

13:37:33.0058 3432        vga - ok

13:37:33.0174 3432        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

13:37:33.0323 3432        VgaSave - ok

13:37:33.0447 3432        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

13:37:33.0546 3432        vhdmp - ok

13:37:33.0677 3432        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

13:37:33.0745 3432        viaagp - ok

13:37:33.0792 3432        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

13:37:33.0904 3432        ViaC7 - ok

13:37:34.0017 3432        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

13:37:34.0095 3432        viaide - ok

13:37:34.0139 3432        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

13:37:34.0208 3432        volmgr - ok

13:37:34.0307 3432        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

13:37:34.0382 3432        volmgrx - ok

13:37:34.0436 3432        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

13:37:34.0531 3432        volsnap - ok

13:37:34.0660 3432        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

13:37:34.0751 3432        vsmraid - ok

13:37:34.0885 3432        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

13:37:34.0993 3432        vwifibus - ok

13:37:35.0120 3432        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

13:37:35.0232 3432        vwififlt - ok

13:37:35.0353 3432        vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys

13:37:35.0463 3432        vwifimp - ok

13:37:35.0611 3432        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

13:37:35.0710 3432        WacomPen - ok

13:37:35.0844 3432        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

13:37:35.0997 3432        WANARP - ok

13:37:36.0015 3432        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

13:37:36.0130 3432        Wanarpv6 - ok

13:37:36.0301 3432        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

13:37:36.0365 3432        Wd - ok

13:37:36.0496 3432        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

13:37:36.0617 3432        Wdf01000 - ok

13:37:36.0833 3432        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

13:37:36.0990 3432        WfpLwf - ok

13:37:37.0105 3432        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

13:37:37.0168 3432        WIMMount - ok

13:37:37.0411 3432        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUSB.sys

13:37:37.0509 3432        WinUsb - ok

13:37:37.0615 3432        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

13:37:37.0691 3432        WmiAcpi - ok

13:37:37.0886 3432        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

13:37:38.0045 3432        ws2ifsl - ok

13:37:38.0228 3432        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

13:37:38.0393 3432        WudfPf - ok

13:37:38.0558 3432        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

13:37:38.0769 3432        WUDFRd - ok

13:37:38.0924 3432        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:37:39.0077 3432        \Device\Harddisk0\DR0 - ok

13:37:39.0090 3432        Boot (0x1200)   (4fc34a42f7c4a37d02f0f85b7024173c) \Device\Harddisk0\DR0\Partition0

13:37:39.0093 3432        \Device\Harddisk0\DR0\Partition0 - ok

13:37:39.0130 3432        Boot (0x1200)   (e561d3855e7409f40c075f86402524ce) \Device\Harddisk0\DR0\Partition1

13:37:39.0133 3432        \Device\Harddisk0\DR0\Partition1 - ok

13:37:39.0135 3432        ============================================================

13:37:39.0135 3432        Scan finished

13:37:39.0135 3432        ============================================================

13:37:39.0197 2376        Detected object count: 2

13:37:39.0197 2376        Actual detected object count: 2

13:38:49.0433 2376        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

13:38:49.0434 2376        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 

13:38:49.0438 2376        sptd ( LockedFile.Multi.Generic ) - skipped by user

13:38:49.0439 2376        sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 11-12-29.05 - Bene 29.12.2011  23:08:46.1.2 - x86

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.282 [GMT 1:00]

ausgeführt von:: c:\users\Bene\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\programdata\windows

c:\programdata\Windows\dumd.dat

c:\programdata\Windows\xdor.dat

c:\users\Bene\AppData\Local\assembly\tmp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-28 bis 2011-12-29  ))))))))))))))))))))))))))))))

.

.

2011-12-29 22:22 . 2011-12-29 22:22        --------        d-----w-        c:\users\Bene\AppData\Local\temp

2011-12-29 22:22 . 2011-12-29 22:22        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-12-29 12:41 . 2011-12-29 12:43        --------        d-----w-        c:\users\Bene\TrojanerBoard

2011-12-29 12:31 . 2011-12-29 12:31        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7CFBF18-9459-44EB-91D7-15FFC3382DA1}\offreg.dll

2011-12-29 00:48 . 2011-12-29 00:48        --------        d-----w-        C:\_OTL

2011-12-27 23:10 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7CFBF18-9459-44EB-91D7-15FFC3382DA1}\mpengine.dll

2011-12-26 23:29 . 2011-12-26 23:29        --------        d-----w-        c:\program files\ESET

2011-12-26 21:20 . 2011-12-26 21:20        --------        d-----w-        c:\users\Bene\AppData\Roaming\Malwarebytes

2011-12-26 21:20 . 2011-12-26 21:20        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-26 21:20 . 2011-12-26 21:20        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-12-26 21:20 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-26 19:36 . 2011-12-26 19:36        --------        d-----w-        C:\ASUS WebStorage

2011-12-14 19:55 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-14 19:55 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-14 19:55 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-14 19:55 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys

2011-12-14 19:54 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-12-14 19:54 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 12:34 . 2011-06-01 15:41        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 13:29 . 2010-11-10 16:13        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-11-05 07:10 . 2011-11-11 17:09        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-11-21 01:18        1515688        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"

[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"

[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCSpeedUp"="c:\program files\PC Beschleunigen\PCSpeedUp.lnk" [2011-08-18 2393]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]

"HotkeyService"="AsusSender.exe" [2010-03-03 29184]

"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]

"CapsHook"="AsusSender.exe" [2010-03-03 29184]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-29 415920]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9177632]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-09-30 16:28        203928        ----a-w-        c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

2011-09-08 13:55        888488        ----a-w-        c:\program files\Ask.com\Updater\Updater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]

2010-06-24 16:09        2018032        ----a-w-        c:\program files\ASUS\APRP\aprp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]

2010-09-01 03:51        5096784        ----a-w-        c:\program files\ASUS\ASUS WebStorage\2.2.56.108\AsusWSDashBoard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Fi]

2010-11-10 15:39        2429        ----a-w-        c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-07-22 16:33        150528        ----a-w-        c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2009-06-05 02:03        186904        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]

2010-03-03 05:21        29184        ----a-w-        c:\windows\System32\AsusSender.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-07-11 21:47        74752        ----a-w-        c:\program files\Winamp\winampa.exe

.

R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 43944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-19 722416]

S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-06-21 11520]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-04 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-03 428200]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-13 51712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 24022906

*NewlyCreated* - 93751024

*Deregistered* - 24022906

*Deregistered* - 93751024

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.web.de/

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Bene\AppData\Roaming\Mozilla\Firefox\Profiles\cjzw9ml3.default\

FF - prefs.js: browser.startup.homepage - www.web.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-ASUS WebStorage - c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,

   25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,

   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{609D670F-B735-4DA7-AC6D-F3BD358E325E}"=hex:51,66,7a,6c,4c,1d,38,12,61,64,8e,

   64,07,f9,c9,08,d3,7b,b0,fd,30,d0,76,4a

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,

   e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04

"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,

   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42

"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,

   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:9e,56,93,24,99,b7,cc,01

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-12-29  23:27:19

ComboFix-quarantined-files.txt  2011-12-29 22:27

.

Vor Suchlauf: 8 Verzeichnis(se), 74.611.580.928 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 74.281.631.744 Bytes frei

.

- - End Of File - - C2C501A54C03151E42CE32269563FE29

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Also GMER is zweimal abgestürzt, jeweils als versucht wurde \FileSystem\UdfsDiskRecognizer zu scannen.

Hier der Logfile von OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 12:56:44 on 30.12.2011
 

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 8.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"apsbk9er" (apsbk9er) - "Microsoft Corporation" - C:\windows\system32\drivers\apsbk9er.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"AsUpIO" (AsUpIO) - ? - C:\windows\System32\drivers\AsUpIO.sys  (File found, but it contains no detailed information)

"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys

"Bluetooth Audio Device Service" (btwaudio) - ? - C:\windows\System32\drivers\btwaudio.sys  (File not found)

"Bluetooth AVDT" (btwavdt) - ? - C:\windows\system32\DRIVERS\btwavdt.sys  (File not found)

"Bluetooth L2CAP Service" (btwl2cap) - ? - C:\windows\System32\DRIVERS\btwl2cap.sys  (File not found)

"btwrchid" (btwrchid) - ? - C:\windows\system32\DRIVERS\btwrchid.sys  (File not found)

"catchme" (catchme) - ? - C:\Users\Bene\AppData\Local\Temp\catchme.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys

"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\windows\system32\drivers\mbamswissarmy.sys  (File not found)

"sptd" (sptd) - "Duplex Secure Ltd." - C:\windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

<binary data> "Avira SearchFree Toolbar plus Web Protection" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{D4027C7F-154A-4066-A1AD-4243D8127440} "Avira SearchFree Toolbar plus Web Protection" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll

{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"CapsHook" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe

"Eee Docking" - ? - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun

"HotkeyMon" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe

"HotkeyService" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"SuperHybridEngine" - "ASUSTek Computer Inc." - AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Asus Launcher Service" (AsusService) - ? - C:\Windows\System32\AsusService.exe  (File found, but it contains no detailed information)

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll

"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru