Trojaner-Board - Probleme mit Sirefef.P

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Probleme mit Sirefef.P (https://www.trojaner-board.de/107168-probleme-sirefef-p.html)

Probleme mit Sirefef.P

Hallo,

habe seit 3 Tagen Probleme mit dem Trojaner Win32:Sirefef.P
Die erste Meldung kam vor 3 Tagen mit MSE, daraufhin habe ich MSE die empfohlene Aktion ausführen lassen (entfernen). Nach Neustart war Sirefef.P zwar verschwunden, stattdessen zeiget MSE aber nun 3 Bedrohungen an (darunter wieder einen Sirefef (evtl. .S)). NAchdem ich MSE auch hier die empfohlenen Einstellungen machen lassen habe, kam nach dem erforderlichen Neustart wieder eine Warnmeldung über eine Bedrohung: Sirefef.P.

Habe dann im Netz recherchiert, versucht Sirefef.P manuell zu entfernen, die erste Aktion dabei wäre aber gewesen, den Prozess im Task-Manager zu stoppen, wo ich jedoch keinen Eintrag fand.
Deshalb habe ich weiterrecherchiert und bin schnell auf dieses Forum gestoßen.
Um größeren Schaden abzuwenden habe ich keine weiteren Lösungsschritte unternommen. Stattdessen habe ich defogger, OTL und gmer32 heruntergeladen und auf nach den angegebenen Anweisungen ausgeführt.
defogger und OTL liefen problemlos, gmer32 hat erst auf nach mehreren Anläufen geklappt, PC hat sich immer wieder aufgehängt.

Meine Fragen:

Ist mein System noch zu retten?
Wie soll ich vorgehen?
Oder ist Neuinstallation angesagt?

Danke für Eure Mühen

biberbruder

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo, habe Malwarebytes das System scannen lassen, dabei wurden einige Bedrohungen entdeckt und entfernt:

Code:

 Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2011.12.29.04
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

XXXX :: XXXX-PC [Administrator]
 

Schutz: Aktiviert
 

29.12.2011 20:21:01

mbam-log-2011-12-29 (20-21-01).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 330929

Laufzeit: 2 Stunde(n), 58 Minute(n), 11 Sekunde(n)
 

Infizierte Speicherprozesse: 1

C:\ProgramData\kbsetup.exe (Trojan.Agent) -> 3668 -> Löschen bei Neustart.
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kbsetup (Trojan.Agent) -> Daten: C:\ProgramData\kbsetup.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kbsetup (Trojan.Agent) -> Daten: C:\ProgramData\kbsetup.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|isomob (Trojan.Agent) -> Daten: C:\Users\XXXX\AppData\Roaming\isomob.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|isomob (Trojan.Agent) -> Daten: C:\Users\XXXX\AppData\Roaming\isomob.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 8

C:\Users\XXXX\Downloads\SoftonicDownloader_fuer_finale-notepad.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.

C:\ProgramData\kbsetup.exe (Trojan.Agent) -> Löschen bei Neustart.

C:\Users\XXXX\AppData\Roaming\isomob.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INEKYBMO\7[1].exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRGP740H\3[1].exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\XXXX\AppData\Local\Temp\E2DE.tmp (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\XXXX\AppData\Local\Temp\comphost.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.
 

(Ende)

Danach bin ich aber nicht mehr ins Internet gekommen, ich habe daraufhin eine Systemwiederherstellung durchgeführt, wie von Win7 vorgeschlagen.
Danach hatte ich wieder Zugang zum Internet, habe dann sofort ESET ausgeführt:

Code:

ESETSmartInstaller@High as downloader log:

Can not open internet# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6b70e722ff8caf44924be74966fd304d

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-30 02:07:16

# local_time=2011-12-30 03:07:16 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 13120258 76884289 0 0

# compatibility_mode=8192 67108863 100 0 35680 35680 0 0

# scanned=4048

# found=0

# cleaned=0

# scan_time=934

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6b70e722ff8caf44924be74966fd304d

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-31 01:05:05

# local_time=2011-12-31 02:05:05 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 13143637 76907668 0 0

# compatibility_mode=8192 67108863 100 0 59059 59059 0 0

# scanned=216453

# found=3

# cleaned=0

# scan_time=17028

C:\Users\XXXX\AppData\Local\ebb03473\U\800000c0.@        a variant of Win32/Sirefef.CH trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\XXXX\Downloads\SoftonicDownloader_for_anvil-studio.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

C:\Users\XXXX\Downloads\SoftonicDownloader_fuer_free-avi-mpeg-wmv-mp4-flv-video-joiner.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6b70e722ff8caf44924be74966fd304d

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-31 05:46:04

# local_time=2011-12-31 06:46:04 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 13176961 76940992 0 0

# compatibility_mode=8192 67108863 100 0 92383 92383 0 0

# scanned=4034

# found=0

# cleaned=0

# scan_time=563

Diesen habe ich sogar mehrmals laufen lassen, zwischendurch habe ich die Dateien, die er als UNABLE TO CLEAN ausgegeben hatte per shift+entf gelöscht.

Bin ich sauber?

Zitat:

Bin ich sauber?

Nein. Das wird noch einiges an Arbeit sein. Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo,

schade, habe mich zu früh gefreut...

Hier das Logfile:

Code:

OTL logfile created on: 31.12.2011 16:48:59 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\XXXX\Desktop

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,09 Mb Total Physical Memory | 332,82 Mb Available Physical Memory | 32,85% Memory free

1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,79 Gb Total Space | 154,33 Gb Free Space | 71,52% Space Free | Partition Type: NTFS

Drive D: | 4,00 Gb Total Space | 2,63 Gb Free Space | 65,88% Space Free | Partition Type: FAT32

 

Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.31 16:45:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe

PRC - [2011.11.18 14:32:23 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe

PRC - [2011.08.02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe

PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.10.13 18:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.10.13 18:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.08.27 09:38:50 | 000,094,208 | ---- | M] () -- C:\Programme\Uniboard 4\ubrdagent.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2009.08.27 09:38:50 | 000,094,208 | ---- | M] () -- C:\Programme\Uniboard 4\ubrdagent.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.09.02 07:39:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.08.25 10:41:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010.10.05 15:28:12 | 001,060,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)

SRV - [2010.10.05 15:27:52 | 000,484,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)

SRV - [2010.10.05 15:24:38 | 000,237,056 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010.06.11 13:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2009.10.13 18:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.12.31 06:54:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKsl8c89c6b4.sys -- (MpKsl8c89c6b4)

DRV - [2011.09.25 09:11:49 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010.06.17 07:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)

DRV - [2010.05.31 05:04:30 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)

DRV - [2010.05.20 07:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009.04.09 13:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)

DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)

DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2009.04.09 13:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)

DRV - [2007.07.31 18:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"

FF - prefs.js..browser.search.selectedEngine: "Google.de"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\XXXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\XXXX\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\XXXX\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.30 14:37:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.18 16:18:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.21 21:26:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.09 06:46:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2011.06.16 09:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions

[2011.06.16 09:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.12.30 14:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions

[2011.10.22 19:20:28 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2011.12.30 14:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.07.07 18:02:48 | 000,002,101 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\searchplugins\googlede.xml

[2011.07.07 16:58:20 | 000,002,057 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\searchplugins\youtube-videosuche.xml

[2011.11.10 06:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.12.30 14:37:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

() (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WO2DMO0J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011.11.10 06:35:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll

[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll

[2011.11.10 06:35:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.10 06:35:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.11.10 06:35:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.06.23 15:55:32 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2011.11.10 06:35:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.10 06:35:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.10 06:35:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Uniboard virtual printer agent] C:\Program Files\Uniboard 4\ubrdagent.exe ()

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Facebook Update] C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [MediaGet2] C:\Users\XXXX\AppData\Local\MediaGet2\mediaget.exe --minimized File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20598892-8B40-43DF-B754-481AD76FDDA3}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{709FF3B3-B061-4D85-84CF-6A799690F29C}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,001 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,048 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]

O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell - "" = AutoRun

O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell - "" = AutoRun

O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\Setup.exe

O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell - "" = AutoRun

O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: Acer ePower Management - hkey= - key= - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AndroidManager - hkey= - key= - C:\Programme\Acer\Android Manager\AML.exe ()

MsConfig - StartUpReg: Epson Stylus SX525WD(Netzwerk) - hkey= - key= -  File not found

MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: iPatchData - hkey= - key= - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)

MsConfig - StartUpReg: iSyncData - hkey= - key= - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)

MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: swg - hkey= - key= -  File not found

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.31 16:45:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe

[2011.12.31 07:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.12.31 07:18:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.12.30 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\My Kindle Content

[2011.12.30 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

[2011.12.30 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Amazon

[2011.12.30 20:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

[2011.12.30 05:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.12.29 18:18:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes

[2011.12.29 18:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.12.29 18:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.12.26 19:04:23 | 000,000,000 | ---D | C] -- C:\Closeall

[2011.12.14 16:47:25 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\IdaAustralien

[2011.12.14 12:22:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Rovio

[2011.12.14 12:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\AngryBirds

[2011.12.14 10:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Finale 2009 Demo

[2011.12.02 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei

[1 C:\Users\XXXX\Documents\*.tmp files -> C:\Users\XXXX\Documents\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.31 16:45:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe

[2011.12.31 16:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job

[2011.12.31 16:42:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.12.31 16:41:55 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job

[2011.12.31 16:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.12.31 10:12:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job

[2011.12.31 07:18:37 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011.12.31 07:01:55 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.12.31 07:01:55 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.12.31 06:54:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.12.31 06:54:17 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.31 03:37:48 | 000,535,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.12.31 03:05:14 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.12.31 03:05:14 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.12.31 03:05:14 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.12.31 03:05:14 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.12.30 20:54:52 | 000,001,948 | ---- | M] () -- C:\Users\XXXX\Desktop\Kindle.lnk

[2011.12.30 20:45:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job

[2011.12.30 14:44:20 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn

[2011.12.29 12:55:48 | 000,023,225 | ---- | M] () -- C:\Users\XXXX\Desktop\gmer_OTL_Extras.zip

[2011.12.28 08:49:20 | 000,000,176 | ---- | M] () -- C:\Users\XXXX\defogger_reenable

[2011.12.16 18:06:33 | 052,028,492 | ---- | M] () -- C:\Users\XXXX\Desktop\Dominion_20Anleitung_F8.flv

[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.12.09 14:02:28 | 002,053,763 | ---- | M] () -- C:\Users\XXXX\Desktop\TK-Broschuere-Der-Ruecken.pdf

[2011.12.06 18:00:12 | 193,135,969 | ---- | M] () -- C:\Windows\MEMORY.DMP

[1 C:\Users\XXXX\Documents\*.tmp files -> C:\Users\XXXX\Documents\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.31 07:18:37 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011.12.30 20:54:52 | 000,001,948 | ---- | C] () -- C:\Users\XXXX\Desktop\Kindle.lnk

[2011.12.29 12:55:16 | 000,023,225 | ---- | C] () -- C:\Users\XXXX\Desktop\gmer_OTL_Extras.zip

[2011.12.28 08:48:36 | 000,000,176 | ---- | C] () -- C:\Users\XXXX\defogger_reenable

[2011.12.16 18:02:32 | 052,028,492 | ---- | C] () -- C:\Users\XXXX\Desktop\Dominion_20Anleitung_F8.flv

[2011.12.09 14:02:28 | 002,053,763 | ---- | C] () -- C:\Users\XXXX\Desktop\TK-Broschuere-Der-Ruecken.pdf

[2011.12.06 09:26:49 | 000,004,032 | ---- | C] () -- C:\Users\XXXX\Documents\peoleo lol.cad

[2011.11.30 15:17:01 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ubrdpm.dll

[2011.11.15 11:04:40 | 000,004,608 | ---- | C] () -- C:\Users\XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.11.11 15:51:50 | 000,083,968 | ---- | C] () -- C:\Windows\System32\bvcsky.dll

[2011.11.04 17:18:04 | 000,125,952 | ---- | C] () -- C:\Windows\System32\ZLhp1600.DLL

[2011.11.02 08:24:27 | 000,000,132 | ---- | C] () -- C:\Windows\KTEL.INI

[2011.10.03 09:02:12 | 000,000,120 | ---- | C] () -- C:\Windows\pear.ini

[2011.10.03 08:32:41 | 000,032,768 | ---- | C] () -- C:\Windows\php_yaz.dll

[2011.10.03 08:15:37 | 000,000,521 | ---- | C] () -- C:\Windows\my.ini

[2011.09.15 08:53:03 | 000,090,112 | ---- | C] () -- C:\Windows\System32\nccad432.dll

[2011.08.09 06:47:29 | 000,000,049 | ---- | C] () -- C:\Windows\PD.INI

[2011.06.23 15:26:53 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe

[2011.06.13 12:00:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011.06.13 11:56:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.06.05 15:22:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011.03.17 19:21:36 | 000,337,920 | ---- | C] () -- C:\Windows\System32\ZSHP1600.EXE

[2010.09.14 07:55:13 | 000,656,266 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2010.09.14 07:55:13 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2010.09.14 07:55:13 | 000,131,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2010.09.14 07:55:13 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.08.05 15:00:20 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll

[2010.08.05 14:39:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010.08.05 14:30:52 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat

[2010.08.05 14:30:52 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT

[2010.08.05 14:30:52 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat

[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat

[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2010.08.05 14:30:52 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat

[2010.08.05 14:30:52 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2010.01.31 12:06:18 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 05:33:53 | 000,535,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,618,108 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,107,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2009.04.14 17:07:42 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf

[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

[2002.06.06 02:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll

 
 ========== LOP Check ==========

 

[2011.11.11 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\7art

[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Anvil Studio

[2011.11.13 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Avid

[2011.11.13 16:00:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\bvcsky

[2011.06.24 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite

[2011.12.02 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei

[2011.09.14 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GARMIN

[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\IrfanView

[2011.11.02 08:25:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\klickTel

[2011.09.15 11:21:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\kosy

[2011.06.11 10:31:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\LibreOffice

[2011.12.15 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Liteon

[2011.11.18 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MPEG Streamclip

[2011.11.14 06:09:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Neuratron

[2011.09.02 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Roads Of Rome

[2011.12.14 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Rovio

[2011.07.07 14:40:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client

[2011.06.16 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird

[2011.07.07 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP

[2011.07.05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Vodafone

[2011.12.30 20:45:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job

[2011.12.31 16:41:55 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job

[2011.10.05 06:44:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.11.11 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\7art

[2011.06.06 05:53:13 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Adobe

[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Anvil Studio

[2011.11.13 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Avid

[2011.11.13 16:00:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\bvcsky

[2011.06.24 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite

[2011.12.02 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei

[2011.09.14 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GARMIN

[2011.06.05 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Google

[2011.06.04 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Identities

[2011.07.19 07:18:38 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\InstallShield

[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\IrfanView

[2011.11.02 08:25:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\klickTel

[2011.09.15 11:21:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\kosy

[2011.06.11 10:31:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\LibreOffice

[2011.12.15 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Liteon

[2011.06.04 13:32:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Macromedia

[2011.12.29 18:18:09 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes

[2011.12.30 14:34:21 | 000,000,000 | --SD | M] -- C:\Users\XXXX\AppData\Roaming\Microsoft

[2011.11.24 05:43:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla

[2011.11.18 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MPEG Streamclip

[2011.11.14 06:09:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Neuratron

[2011.11.18 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Real

[2011.09.02 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Roads Of Rome

[2011.12.14 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Rovio

[2011.07.07 14:40:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client

[2011.06.16 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird

[2011.07.07 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP

[2011.12.30 14:37:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\vlc

[2011.07.05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Vodafone

[2011.06.13 10:39:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.11.11 15:50:39 | 000,714,963 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\7art\Aquarium Clock\unins000.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys

[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b12590c8dd605296\iaStor.sys

[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\Temp\IIF2\Winall\Driver\IaStor.sys

[2009.10.13 18:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.10.13 18:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\Temp\IIF2\Winall\Driver64\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.07.14 12:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010.07.14 12:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys

[2011.09.25 09:11:49 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

 
 <           >

 
 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\$NtUninstallKB8252$] -> Error: Cannot create file handle -> Unknown point type

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
 

< End of report >

Hier noch der Inhalt der Extras.TxT

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 31.12.2011 16:48:59 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\XXXX\Desktop

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,09 Mb Total Physical Memory | 332,82 Mb Available Physical Memory | 32,85% Memory free

1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,79 Gb Total Space | 154,33 Gb Free Space | 71,52% Space Free | Partition Type: NTFS

Drive D: | 4,00 Gb Total Space | 2,63 Gb Free Space | 65,88% Space Free | Partition Type: FAT32

 

Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.2

"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3CE88264-3437-4D18-B72C-4F5286383F9C}_is1" = Die Bücherei

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{467D4F46-B75D-4E9F-B710-D933D687B9BD}" = PDF Creator Pilot 4.3 

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack

"{5080900B-7E07-4926-ACD2-CB083E3B66E2}" = WD SmartWare

"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam

"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FF22CB1-50BE-4D96-BD63-549928AC03B6}" = Anvil Studio 2011

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" = 

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010

"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010

"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010

"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI

"{C2D47964-0E8D-4803-9F4A-BF5DC3D5A069}" = BASIC Stamp Editor v2.5.2

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3

"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3

"{D617DF82-6046-44EB-AD4A-D3423319E12C}" = Geosense for Windows

"{DE322C0B-CF1F-483E-935C-996E2D24FF23}" = klickTel Routenplaner Deutschland und Europa 2011

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite

"{E63D17F8-D9DA-479D-B9B5-0D101A03703B}_is1" = Uniboard 4

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FBE64702-E893-4D55-BA5C-514AAF11CCC4}" = Sibelius 7 OpenType Fonts

"1489-3350-5074-6281" = JDownloader 0.9

"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver

"498B9978CE49397903524B0761200F43EC650044" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)

"4DdeinstKey" = 4Design

"67170FB0228B69BCCBEF8CE14A76953A5505D8EA" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)

"7art Aquarium Clock Screensaver_is1" = 7art Aquarium Clock © 7art-screensavers.com

"Acer Screensaver" = Acer ScreenSaver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Amazon Kindle" = Amazon Kindle

"AsUninst.exe" = Anvil Studio

"DAEMON Tools Lite" = DAEMON Tools Lite

"EPSON Scanner" = EPSON Scan

"EPSON SX525WD Series" = EPSON SX525WD Series Printer Uninstall

"ESET Online Scanner" = ESET Online Scanner v3

"F8DC9DFED0912C7E47EB1446EF7E3C53D3A0942D" = Windows-Treiberpaket - Parallax Inc CDM Driver Package - Bus & VCP Driver (07/12/2010 2.08.02)

"GPL Ghostscript 9.04" = GPL Ghostscript

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"Identity Card" = Identity Card

"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller

"IrfanView" = IrfanView (remove only)

"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 2.0.0.11)

"Lateinische Ausgangsschrift LA_is1" = Pelikan Schulschriften

"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)

"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)

"Navit" = Navit

"nccad7.5" = nccad7.5

"nccad8.0" = nccad8.0

"Neuratron PhotoScore Lite Demo" = Neuratron PhotoScore Lite Demo

"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"QuicktimeAlt_is1" = QuickTime Alternative 1.81

"Rainlendar2" = Rainlendar2 (remove only)

"RealPlayer 15.0" = RealPlayer

"Sibelius 7.0.0.23_is1" = Sibelius 7.0.0.23

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"VLC media player" = VLC media player 1.1.11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-Bit)

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 29.12.2011 03:45:06 | Computer Name = XXXX-PC | Source = Google Update | ID = 20

Description = 

 

Error - 29.12.2011 04:05:42 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common

 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.

Der

 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs

 im assemblyIdentity-Element ist ungültig.

 

Error - 29.12.2011 04:06:14 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842824

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft

 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program

 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element

 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements

 angezeigt, das von dieser Windows-Version nicht unterstützt wird.

 

Error - 29.12.2011 06:03:53 | Computer Name = XXXX-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 1.0.15.15641, 

Zeitstempel: 0x4e21f2b1  Name des fehlerhaften Moduls: gmer.exe, Version: 1.0.15.15641,

 Zeitstempel: 0x4e21f2b1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c676  ID des fehlerhaften

 Prozesses: 0xf4c  Startzeit der fehlerhaften Anwendung: 0x01ccc610d190f626  Pfad der

 fehlerhaften Anwendung: C:\Users\XXXX\Desktop\gmer.exe  Pfad des fehlerhaften Moduls:

 C:\Users\XXXX\Desktop\gmer.exe  Berichtskennung: 691711fe-3204-11e1-b829-88ae1d9d1ed7

 

Error - 29.12.2011 11:24:55 | Computer Name = XXXX-PC | Source = Google Update | ID = 20

Description = 

 

Error - 29.12.2011 18:45:08 | Computer Name = XXXX-PC | Source = Google Update | ID = 20

Description = 

 

Error - 29.12.2011 19:42:04 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common

 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei

 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.

Der

 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs

 im assemblyIdentity-Element ist ungültig.

 

Error - 29.12.2011 19:43:24 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842824

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft

 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program

 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element

 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements

 angezeigt, das von dieser Windows-Version nicht unterstützt wird.

 

Error - 29.12.2011 21:45:07 | Computer Name = XXXX-PC | Source = Google Update | ID = 20

Description = 

 

Error - 30.12.2011 00:45:06 | Computer Name = XXXX-PC | Source = Google Update | ID = 20

Description = 

 

[ System Events ]

Error - 26.09.2011 23:35:12 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

Error - 27.09.2011 00:54:47 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

Error - 27.09.2011 01:47:24 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

Error - 28.09.2011 01:23:54 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

Error - 28.09.2011 01:54:24 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

Error - 28.09.2011 05:55:35 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

Error - 28.09.2011 05:58:53 | Computer Name = XXXX-PC | Source = bowser | ID = 8003

Description = 

 

Error - 28.09.2011 06:10:52 | Computer Name = XXXX-PC | Source = bowser | ID = 8003

Description = 

 

Error - 28.09.2011 08:11:55 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

Error - 29.09.2011 02:00:50 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"

FF - prefs.js..browser.search.selectedEngine: "Google.de"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig"

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKCU..\Run: [Facebook Update] C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [MediaGet2] C:\Users\XXXX\AppData\Local\MediaGet2\mediaget.exe --minimized File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,001 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,048 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]

O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell - "" = AutoRun

O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell - "" = AutoRun

O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\Setup.exe

O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell - "" = AutoRun

O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0

:Files

C:\Windows\$NtUninstallKB8252$

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hi cosinus,

danke für die Hilfe, ich habe aber in der Hektik vergessen den Virenscanner (MSE) zu deaktivieren. Hier trotzdem mal das Ergebnis. Soll ich den Fix nochmals ausführen (bei ausgeschaltetem MSE?).

lg

biberbruder

Code:

 All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename

Prefs.js: "Google.de" removed from browser.search.selectedEngine

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: "hxxp://www.google.de/ig" removed from browser.startup.homepage

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.

C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.

C:\Programme\Microsoft Office\Office14\URLREDIR.DLL moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}\ deleted successfully.

C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.

C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet2 deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.001 moved successfully.

C:\autoexec.bat moved successfully.

C:\AUTOEXEC.NT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.

File F:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.

File F:\Setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.

File F:\setup_vmc_lite.exe /checkApplicationPresence not found.

ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully.

ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.

========== FILES ==========

Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.

C:\Windows\$NtUninstallKB8252$\systemprofile\Favorites folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\UserData folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\Temp folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\Log folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\SoftGrid Client folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\YIPYZ0KY folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\OZMCBW3A folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\7H7MSCRC folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\3Q55BA5O folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\6MSMKXHG folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe folder moved successfully.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\Silverlight folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\SoftGrid Client\140066.DEU-90140011-66-407 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\SoftGrid Client folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows Media\12.0 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows Media folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKUHEUZR folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6BCNWQH folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWDTSR0W folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2ML6UEJ folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9QD7GRI folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7B00WVC folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KBEX0IQM folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U81SSK8 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15CPIK7N folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122920111230 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122820111229 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090420110905 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090320110904 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090220110903 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082920110830 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082220110829 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082120110822 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081920110820 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081220110813 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081120110812 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011080920110810 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\MX1TTIXW folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\FXBCEF5O folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\EMWFX159 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\AX8MGCB5 folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update\Manifest\Initial folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update\Manifest folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Custom Buttons folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local folder moved successfully.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.

C:\Windows\$NtUninstallKB8252$\Journal folder moved successfully.

Folder move failed. C:\Windows\$NtUninstallKB8252$ scheduled to be moved on reboot.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: XXXX

->Temp folder emptied: 511140193 bytes

->Temporary Internet Files folder emptied: 63882024 bytes

->Java cache emptied: 169274 bytes

->FireFox cache emptied: 129031009 bytes

->Flash cache emptied: 16913 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 728609514 bytes

RecycleBin emptied: 198255 bytes

 

Total Files Cleaned = 1.367,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01022012_140115
 

Files\Folders moved on Reboot...

Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft folder moved successfully.

C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local folder moved successfully.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.

Folder move failed. C:\Windows\$NtUninstallKB8252$ scheduled to be moved on reboot.

File\Folder C:\Users\XXXX\AppData\Local\Temp\OICE_9A42B645-2FD4-4A38-9FBB-D9BD604C9A89.0\DEFE982C. not found!
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hi cosinus,

dies ist der Report:

Code:

 

14:41:39.0777 2404        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

14:41:40.0103 2404        ============================================================

14:41:40.0103 2404        Current date / time: 2012/01/02 14:41:40.0103

14:41:40.0103 2404        SystemInfo:

14:41:40.0103 2404        

14:41:40.0104 2404        OS Version: 6.1.7601 ServicePack: 1.0

14:41:40.0104 2404        Product type: Workstation

14:41:40.0104 2404        ComputerName: JAAG-PC

14:41:40.0104 2404        UserName: Jaag

14:41:40.0104 2404        Windows directory: C:\Windows

14:41:40.0104 2404        System windows directory: C:\Windows

14:41:40.0105 2404        Processor architecture: Intel x86

14:41:40.0105 2404        Number of processors: 4

14:41:40.0105 2404        Page size: 0x1000

14:41:40.0105 2404        Boot type: Normal boot

14:41:40.0105 2404        ============================================================

14:41:43.0131 2404        Initialize success

14:43:29.0729 5904        ============================================================

14:43:29.0729 5904        Scan started

14:43:29.0729 5904        Mode: Manual; SigCheck; TDLFS; 

14:43:29.0729 5904        ============================================================

14:43:31.0162 5904        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

14:43:31.0665 5904        1394ohci - ok

14:43:31.0781 5904        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

14:43:31.0865 5904        ACPI - ok

14:43:31.0933 5904        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

14:43:32.0116 5904        AcpiPmi - ok

14:43:32.0242 5904        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

14:43:32.0366 5904        adp94xx - ok

14:43:32.0478 5904        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys

14:43:32.0607 5904        adpahci - ok

14:43:32.0717 5904        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys

14:43:32.0851 5904        adpu320 - ok

14:43:33.0003 5904        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

14:43:33.0234 5904        AFD - ok

14:43:33.0348 5904        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

14:43:33.0417 5904        agp440 - ok

14:43:33.0487 5904        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys

14:43:33.0600 5904        aic78xx - ok

14:43:33.0768 5904        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

14:43:33.0828 5904        aliide - ok

14:43:33.0862 5904        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

14:43:33.0943 5904        amdagp - ok

14:43:34.0047 5904        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

14:43:34.0155 5904        amdide - ok

14:43:34.0293 5904        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys

14:43:34.0504 5904        AmdK8 - ok

14:43:34.0623 5904        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys

14:43:34.0729 5904        AmdPPM - ok

14:43:34.0795 5904        amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

14:43:34.0882 5904        amdsata - ok

14:43:35.0005 5904        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys

14:43:35.0103 5904        amdsbs - ok

14:43:35.0143 5904        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

14:43:35.0201 5904        amdxata - ok

14:43:35.0258 5904        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

14:43:35.0489 5904        AppID - ok

14:43:35.0657 5904        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys

14:43:35.0720 5904        arc - ok

14:43:35.0738 5904        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys

14:43:35.0829 5904        arcsas - ok

14:43:35.0939 5904        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

14:43:36.0175 5904        AsyncMac - ok

14:43:36.0300 5904        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

14:43:36.0406 5904        atapi - ok

14:43:36.0557 5904        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys

14:43:36.0783 5904        b06bdrv - ok

14:43:36.0903 5904        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

14:43:37.0012 5904        b57nd60x - ok

14:43:37.0161 5904        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

14:43:37.0326 5904        Beep - ok

14:43:37.0461 5904        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys

14:43:37.0582 5904        blbdrive - ok

14:43:37.0693 5904        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

14:43:37.0876 5904        bowser - ok

14:43:37.0971 5904        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys

14:43:38.0167 5904        BrFiltLo - ok

14:43:38.0271 5904        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys

14:43:38.0404 5904        BrFiltUp - ok

14:43:38.0533 5904        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

14:43:38.0712 5904        Brserid - ok

14:43:38.0814 5904        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

14:43:38.0951 5904        BrSerWdm - ok

14:43:39.0061 5904        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:43:39.0185 5904        BrUsbMdm - ok

14:43:39.0281 5904        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

14:43:39.0367 5904        BrUsbSer - ok

14:43:39.0487 5904        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys

14:43:39.0665 5904        BthEnum - ok

14:43:39.0767 5904        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

14:43:39.0873 5904        BTHMODEM - ok

14:43:39.0976 5904        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

14:43:40.0082 5904        BthPan - ok

14:43:40.0202 5904        BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys

14:43:40.0332 5904        BTHPORT - ok

14:43:40.0437 5904        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys

14:43:40.0533 5904        BTHUSB - ok

14:43:40.0599 5904        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

14:43:40.0782 5904        cdfs - ok

14:43:40.0923 5904        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

14:43:41.0033 5904        cdrom - ok

14:43:41.0171 5904        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys

14:43:41.0288 5904        circlass - ok

14:43:41.0389 5904        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

14:43:41.0533 5904        CLFS - ok

14:43:41.0675 5904        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys

14:43:41.0788 5904        CmBatt - ok

14:43:41.0894 5904        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

14:43:41.0965 5904        cmdide - ok

14:43:42.0026 5904        CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

14:43:42.0179 5904        CNG - ok

14:43:42.0367 5904        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys

14:43:42.0423 5904        Compbatt - ok

14:43:42.0535 5904        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

14:43:42.0633 5904        CompositeBus - ok

14:43:42.0747 5904        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys

14:43:42.0803 5904        crcdisk - ok

14:43:42.0943 5904        CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

14:43:43.0142 5904        CSC - ok

14:43:43.0299 5904        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

14:43:43.0426 5904        DfsC - ok

14:43:43.0538 5904        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

14:43:43.0672 5904        discache - ok

14:43:43.0795 5904        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys

14:43:43.0879 5904        Disk - ok

14:43:44.0042 5904        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

14:43:44.0133 5904        drmkaud - ok

14:43:44.0294 5904        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

14:43:44.0444 5904        DXGKrnl - ok

14:43:44.0641 5904        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys

14:43:44.0961 5904        ebdrv - ok

14:43:45.0106 5904        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys

14:43:45.0224 5904        elxstor - ok

14:43:45.0357 5904        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

14:43:45.0446 5904        ErrDev - ok

14:43:45.0598 5904        EUCR            (4fab8dfaf156e048ad514eabd268ab3a) C:\Windows\system32\DRIVERS\EUCR6SK.SYS

14:43:45.0746 5904        EUCR - ok

14:43:45.0865 5904        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

14:43:46.0008 5904        exfat - ok

14:43:46.0040 5904        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

14:43:46.0177 5904        fastfat - ok

14:43:46.0299 5904        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys

14:43:46.0409 5904        fdc - ok

14:43:46.0501 5904        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

14:43:46.0614 5904        FileInfo - ok

14:43:46.0726 5904        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

14:43:46.0863 5904        Filetrace - ok

14:43:46.0997 5904        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys

14:43:47.0078 5904        flpydisk - ok

14:43:47.0180 5904        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

14:43:47.0318 5904        FltMgr - ok

14:43:47.0445 5904        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

14:43:47.0527 5904        FsDepends - ok

14:43:47.0568 5904        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

14:43:47.0634 5904        Fs_Rec - ok

14:43:47.0751 5904        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

14:43:47.0862 5904        fvevol - ok

14:43:47.0904 5904        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys

14:43:47.0982 5904        gagp30kx - ok

14:43:48.0112 5904        grmnusb         (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys

14:43:48.0268 5904        grmnusb - ok

14:43:48.0407 5904        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

14:43:48.0562 5904        hcw85cir - ok

14:43:48.0687 5904        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

14:43:48.0816 5904        HdAudAddService - ok

14:43:48.0938 5904        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

14:43:49.0033 5904        HDAudBus - ok

14:43:49.0074 5904        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys

14:43:49.0181 5904        HidBatt - ok

14:43:49.0286 5904        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys

14:43:49.0404 5904        HidBth - ok

14:43:49.0518 5904        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys

14:43:49.0614 5904        HidIr - ok

14:43:49.0740 5904        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

14:43:49.0813 5904        HidUsb - ok

14:43:49.0860 5904        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

14:43:49.0965 5904        HpSAMD - ok

14:43:50.0077 5904        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

14:43:50.0269 5904        HTTP - ok

14:43:50.0319 5904        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

14:43:50.0372 5904        hwpolicy - ok

14:43:50.0509 5904        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

14:43:50.0613 5904        i8042prt - ok

14:43:50.0746 5904        iaStor          (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\drivers\iaStor.sys

14:43:50.0915 5904        iaStor - ok

14:43:51.0034 5904        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

14:43:51.0149 5904        iaStorV - ok

14:43:51.0360 5904        igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys

14:43:51.0760 5904        igfx - ok

14:43:51.0869 5904        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys

14:43:51.0930 5904        iirsp - ok

14:43:52.0086 5904        IntcAzAudAddService (2a1acec9da72b39188f007437da3b008) C:\Windows\system32\drivers\RTKVHDA.sys

14:43:52.0350 5904        IntcAzAudAddService - ok

14:43:52.0441 5904        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

14:43:52.0531 5904        intelide - ok

14:43:52.0794 5904        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

14:43:52.0897 5904        intelppm - ok

14:43:53.0014 5904        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:43:53.0145 5904        IpFilterDriver - ok

14:43:53.0276 5904        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

14:43:53.0392 5904        IPMIDRV - ok

14:43:53.0510 5904        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

14:43:53.0659 5904        IPNAT - ok

14:43:53.0793 5904        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

14:43:53.0940 5904        IRENUM - ok

14:43:54.0055 5904        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

14:43:54.0119 5904        isapnp - ok

14:43:54.0155 5904        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

14:43:54.0252 5904        iScsiPrt - ok

14:43:54.0381 5904        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

14:43:54.0453 5904        kbdclass - ok

14:43:54.0503 5904        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

14:43:54.0643 5904        kbdhid - ok

14:43:54.0754 5904        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

14:43:54.0848 5904        KSecDD - ok

14:43:54.0892 5904        KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

14:43:54.0966 5904        KSecPkg - ok

14:43:55.0070 5904        L1C             (12de252a44c344a7a044b3c1190df63b) C:\Windows\system32\DRIVERS\L1C62x86.sys

14:43:55.0125 5904        L1C - ok

14:43:55.0251 5904        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

14:43:55.0380 5904        lltdio - ok

14:43:55.0455 5904        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys

14:43:55.0544 5904        LSI_FC - ok

14:43:55.0665 5904        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys

14:43:55.0728 5904        LSI_SAS - ok

14:43:55.0754 5904        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys

14:43:55.0816 5904        LSI_SAS2 - ok

14:43:55.0845 5904        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys

14:43:55.0908 5904        LSI_SCSI - ok

14:43:55.0948 5904        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

14:43:56.0128 5904        luafv - ok

14:43:56.0240 5904        massfilter      (f0435fe3c1ec2659d2bbf073ca0752ee) C:\Windows\system32\DRIVERS\massfilter.sys

14:43:56.0347 5904        massfilter - ok

14:43:56.0469 5904        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

14:43:56.0566 5904        MBAMProtector - ok

14:43:56.0716 5904        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys

14:43:56.0791 5904        megasas - ok

14:43:56.0862 5904        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys

14:43:56.0937 5904        MegaSR - ok

14:43:57.0053 5904        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

14:43:57.0188 5904        Modem - ok

14:43:57.0314 5904        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

14:43:57.0404 5904        monitor - ok

14:43:57.0448 5904        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

14:43:57.0519 5904        mouclass - ok

14:43:57.0625 5904        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

14:43:57.0699 5904        mouhid - ok

14:43:57.0742 5904        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

14:43:57.0827 5904        mountmgr - ok

14:43:57.0933 5904        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

14:43:58.0040 5904        MpFilter - ok

14:43:58.0074 5904        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

14:43:58.0185 5904        mpio - ok

14:43:58.0290 5904        MpKsl03a4c6da - ok

14:43:58.0337 5904        MpKsl0415a17a - ok

14:43:58.0489 5904        MpKsl0ce4fbda - ok

14:43:58.0585 5904        MpKsl0fec7b90 - ok

14:43:58.0650 5904        MpKsl196bd21b - ok

14:43:58.0760 5904        MpKsl2607df49 - ok

14:43:58.0870 5904        MpKsl264939d0 - ok

14:43:58.0995 5904        MpKsl29daf26c - ok

14:43:59.0105 5904        MpKsl2ff64951 - ok

14:43:59.0215 5904        MpKsl3157fefe - ok

14:43:59.0314 5904        MpKsl32784dd6 - ok

14:43:59.0371 5904        MpKsl39de850c - ok

14:43:59.0415 5904        MpKsl3b15d3df - ok

14:43:59.0534 5904        MpKsl3b20d1df - ok

14:43:59.0758 5904        MpKsl3d91ac19   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsl3d91ac19.sys

14:43:59.0877 5904        MpKsl3d91ac19 - ok

14:43:59.0949 5904        MpKsl42ad931c - ok

14:44:00.0015 5904        MpKsl4b58eb93 - ok

14:44:00.0064 5904        MpKsl530ba384 - ok

14:44:00.0124 5904        MpKsl56cbc87c - ok

14:44:00.0183 5904        MpKsl591c3512 - ok

14:44:00.0278 5904        MpKsl5dd51386 - ok

14:44:00.0333 5904        MpKsl60a39861 - ok

14:44:00.0377 5904        MpKsl66ddca17 - ok

14:44:00.0406 5904        MpKsl73a19290 - ok

14:44:00.0454 5904        MpKsl8250f1ca - ok

14:44:00.0496 5904        MpKsl87dd9996 - ok

14:44:00.0524 5904        MpKsl8c8877d0 - ok

14:44:00.0556 5904        MpKsl9adc85e3 - ok

14:44:00.0654 5904        MpKsla2d8ff97   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsla2d8ff97.sys

14:44:00.0724 5904        MpKsla2d8ff97 - ok

14:44:00.0747 5904        MpKslabc6275f - ok

14:44:00.0779 5904        MpKslacd9d4c8 - ok

14:44:00.0839 5904        MpKslad072f99 - ok

14:44:00.0861 5904        MpKslafa01a84 - ok

14:44:00.0887 5904        MpKslbed8239e - ok

14:44:00.0914 5904        MpKslcf848c6c - ok

14:44:00.0931 5904        MpKsld47cdf20 - ok

14:44:00.0954 5904        MpKsld6316ddf - ok

14:44:01.0006 5904        MpKsld7678723 - ok

14:44:01.0029 5904        MpKslf78ff9e9 - ok

14:44:01.0051 5904        MpKslf96a787e - ok

14:44:01.0144 5904        MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

14:44:01.0238 5904        MpNWMon - ok

14:44:01.0284 5904        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

14:44:01.0419 5904        mpsdrv - ok

14:44:01.0614 5904        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

14:44:01.0749 5904        MRxDAV - ok

14:44:01.0844 5904        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:44:01.0981 5904        mrxsmb - ok

14:44:02.0086 5904        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:44:02.0193 5904        mrxsmb10 - ok

14:44:02.0315 5904        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:44:02.0418 5904        mrxsmb20 - ok

14:44:02.0528 5904        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

14:44:02.0600 5904        msahci - ok

14:44:02.0701 5904        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

14:44:02.0796 5904        msdsm - ok

14:44:02.0918 5904        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

14:44:03.0022 5904        Msfs - ok

14:44:03.0077 5904        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

14:44:03.0175 5904        mshidkmdf - ok

14:44:03.0236 5904        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

14:44:03.0291 5904        msisadrv - ok

14:44:03.0421 5904        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

14:44:03.0553 5904        MSKSSRV - ok

14:44:03.0705 5904        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

14:44:03.0832 5904        MSPCLOCK - ok

14:44:03.0949 5904        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

14:44:04.0073 5904        MSPQM - ok

14:44:04.0169 5904        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

14:44:04.0236 5904        MsRPC - ok

14:44:04.0303 5904        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

14:44:04.0393 5904        mssmbios - ok

14:44:04.0540 5904        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

14:44:04.0658 5904        MSTEE - ok

14:44:04.0746 5904        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys

14:44:04.0824 5904        MTConfig - ok

14:44:04.0884 5904        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

14:44:04.0952 5904        Mup - ok

14:44:05.0052 5904        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

14:44:05.0188 5904        NativeWifiP - ok

14:44:05.0300 5904        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

14:44:05.0458 5904        NDIS - ok

14:44:05.0626 5904        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

14:44:05.0757 5904        NdisCap - ok

14:44:05.0862 5904        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

14:44:05.0996 5904        NdisTapi - ok

14:44:06.0109 5904        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

14:44:06.0244 5904        Ndisuio - ok

14:44:06.0294 5904        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

14:44:06.0447 5904        NdisWan - ok

14:44:06.0560 5904        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

14:44:06.0695 5904        NDProxy - ok

14:44:06.0816 5904        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

14:44:06.0952 5904        NetBIOS - ok

14:44:06.0990 5904        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

14:44:07.0190 5904        NetBT - ok

14:44:07.0536 5904        NETw5s32        (a520aed8926ad6185031b9b18f55397e) C:\Windows\system32\DRIVERS\NETw5s32.sys

14:44:07.0992 5904        NETw5s32 - ok

14:44:08.0115 5904        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys

14:44:08.0183 5904        nfrd960 - ok

14:44:08.0250 5904        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

14:44:08.0346 5904        NisDrv - ok

14:44:08.0455 5904        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

14:44:08.0581 5904        Npfs - ok

14:44:08.0641 5904        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

14:44:08.0747 5904        nsiproxy - ok

14:44:08.0819 5904        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

14:44:09.0190 5904        Ntfs - ok

14:44:09.0291 5904        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

14:44:09.0406 5904        Null - ok

14:44:09.0502 5904        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

14:44:09.0571 5904        nvraid - ok

14:44:09.0628 5904        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

14:44:09.0698 5904        nvstor - ok

14:44:09.0824 5904        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

14:44:09.0900 5904        nv_agp - ok

14:44:10.0013 5904        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

14:44:10.0130 5904        ohci1394 - ok

14:44:10.0312 5904        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys

14:44:10.0401 5904        Parport - ok

14:44:10.0455 5904        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

14:44:10.0522 5904        partmgr - ok

14:44:10.0591 5904        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys

14:44:10.0671 5904        Parvdm - ok

14:44:10.0750 5904        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

14:44:10.0824 5904        pci - ok

14:44:10.0876 5904        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

14:44:10.0929 5904        pciide - ok

14:44:10.0970 5904        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys

14:44:11.0048 5904        pcmcia - ok

14:44:11.0077 5904        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

14:44:11.0137 5904        pcw - ok

14:44:11.0188 5904        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

14:44:11.0374 5904        PEAUTH - ok

14:44:11.0574 5904        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

14:44:11.0707 5904        PptpMiniport - ok

14:44:11.0744 5904        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys

14:44:11.0831 5904        Processor - ok

14:44:11.0966 5904        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

14:44:12.0102 5904        Psched - ok

14:44:12.0258 5904        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys

14:44:12.0419 5904        ql2300 - ok

14:44:12.0464 5904        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys

14:44:12.0549 5904        ql40xx - ok

14:44:12.0605 5904        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

14:44:12.0680 5904        QWAVEdrv - ok

14:44:12.0743 5904        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

14:44:12.0890 5904        RasAcd - ok

14:44:12.0954 5904        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:44:13.0105 5904        RasAgileVpn - ok

14:44:13.0215 5904        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:44:13.0344 5904        Rasl2tp - ok

14:44:13.0478 5904        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

14:44:13.0595 5904        RasPppoe - ok

14:44:13.0628 5904        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

14:44:13.0762 5904        RasSstp - ok

14:44:13.0877 5904        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

14:44:14.0051 5904        rdbss - ok

14:44:14.0166 5904        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

14:44:14.0258 5904        rdpbus - ok

14:44:14.0374 5904        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:44:14.0494 5904        RDPCDD - ok

14:44:14.0616 5904        RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

14:44:14.0799 5904        RDPDR - ok

14:44:14.0923 5904        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

14:44:15.0041 5904        RDPENCDD - ok

14:44:15.0084 5904        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

14:44:15.0195 5904        RDPREFMP - ok

14:44:15.0359 5904        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

14:44:15.0540 5904        RdpVideoMiniport - ok

14:44:15.0643 5904        RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

14:44:15.0757 5904        RDPWD - ok

14:44:15.0812 5904        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

14:44:15.0900 5904        rdyboost - ok

14:44:16.0015 5904        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

14:44:16.0120 5904        RFCOMM - ok

14:44:16.0273 5904        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

14:44:16.0399 5904        rspndr - ok

14:44:16.0542 5904        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

14:44:16.0610 5904        sbp2port - ok

14:44:16.0665 5904        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

14:44:16.0786 5904        scfilter - ok

14:44:16.0931 5904        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:44:17.0083 5904        secdrv - ok

14:44:17.0235 5904        Ser2pl          (b97e1d0e59a128394f24e9f31e227ef2) C:\Windows\system32\DRIVERS\ser2pl.sys

14:44:17.0325 5904        Ser2pl - ok

14:44:17.0431 5904        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

14:44:17.0515 5904        Serenum - ok

14:44:17.0561 5904        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys

14:44:17.0744 5904        Serial - ok

14:44:17.0851 5904        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys

14:44:17.0952 5904        sermouse - ok

14:44:18.0097 5904        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

14:44:18.0221 5904        sffdisk - ok

14:44:18.0325 5904        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

14:44:18.0431 5904        sffp_mmc - ok

14:44:18.0543 5904        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

14:44:18.0637 5904        sffp_sd - ok

14:44:18.0746 5904        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys

14:44:18.0846 5904        sfloppy - ok

14:44:18.0992 5904        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

14:44:19.0084 5904        sisagp - ok

14:44:19.0181 5904        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys

14:44:19.0238 5904        SiSRaid2 - ok

14:44:19.0262 5904        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys

14:44:19.0329 5904        SiSRaid4 - ok

14:44:19.0363 5904        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

14:44:19.0484 5904        Smb - ok

14:44:19.0541 5904        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

14:44:19.0618 5904        spldr - ok

14:44:19.0784 5904        sptd            (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys

14:44:19.0785 5904        Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9

14:44:19.0788 5904        sptd ( LockedFile.Multi.Generic ) - warning

14:44:19.0788 5904        sptd - detected LockedFile.Multi.Generic (1)

14:44:19.0841 5904        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

14:44:20.0002 5904        srv - ok

14:44:20.0120 5904        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

14:44:20.0203 5904        srv2 - ok

14:44:20.0236 5904        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

14:44:20.0340 5904        srvnet - ok

14:44:20.0455 5904        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys

14:44:20.0511 5904        stexstor - ok

14:44:20.0558 5904        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

14:44:20.0619 5904        swenum - ok

14:44:20.0661 5904        Synth3dVsc - ok

14:44:20.0721 5904        SynTP           (5cdd124913e91c7f79b4d5cae1c7c4de) C:\Windows\system32\DRIVERS\SynTP.sys

14:44:20.0792 5904        SynTP - ok

14:44:20.0978 5904        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

14:44:21.0154 5904        Tcpip - ok

14:44:21.0318 5904        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

14:44:21.0469 5904        TCPIP6 - ok

14:44:21.0579 5904        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

14:44:21.0696 5904        tcpipreg - ok

14:44:21.0757 5904        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

14:44:21.0876 5904        TDPIPE - ok

14:44:21.0967 5904        TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

14:44:22.0081 5904        TDTCP - ok

14:44:22.0168 5904        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

14:44:22.0283 5904        tdx - ok

14:44:22.0320 5904        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

14:44:22.0403 5904        TermDD - ok

14:44:22.0576 5904        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:44:22.0687 5904        tssecsrv - ok

14:44:22.0815 5904        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

14:44:23.0018 5904        TsUsbFlt - ok

14:44:23.0108 5904        tsusbhub - ok

14:44:23.0179 5904        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

14:44:23.0306 5904        tunnel - ok

14:44:23.0425 5904        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

14:44:23.0495 5904        uagp35 - ok

14:44:23.0539 5904        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

14:44:23.0675 5904        udfs - ok

14:44:23.0853 5904        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

14:44:23.0925 5904        uliagpkx - ok

14:44:24.0027 5904        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

14:44:24.0123 5904        umbus - ok

14:44:24.0241 5904        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

14:44:24.0317 5904        UmPass - ok

14:44:24.0398 5904        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

14:44:24.0525 5904        usbccgp - ok

14:44:24.0637 5904        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

14:44:24.0733 5904        usbcir - ok

14:44:24.0784 5904        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys

14:44:24.0869 5904        usbehci - ok

14:44:24.0980 5904        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

14:44:25.0102 5904        usbhub - ok

14:44:25.0214 5904        usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

14:44:25.0298 5904        usbohci - ok

14:44:25.0414 5904        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

14:44:25.0566 5904        usbprint - ok

14:44:25.0686 5904        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

14:44:25.0780 5904        usbscan - ok

14:44:25.0828 5904        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:44:25.0947 5904        USBSTOR - ok

14:44:26.0047 5904        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

14:44:26.0128 5904        usbuhci - ok

14:44:26.0189 5904        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

14:44:26.0289 5904        usbvideo - ok

14:44:26.0426 5904        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

14:44:26.0489 5904        vdrvroot - ok

14:44:26.0572 5904        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

14:44:26.0665 5904        vga - ok

14:44:26.0772 5904        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

14:44:26.0892 5904        VgaSave - ok

14:44:26.0910 5904        VGPU - ok

14:44:26.0968 5904        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

14:44:27.0040 5904        vhdmp - ok

14:44:27.0168 5904        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

14:44:27.0238 5904        viaagp - ok

14:44:27.0278 5904        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

14:44:27.0364 5904        ViaC7 - ok

14:44:27.0414 5904        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

14:44:27.0499 5904        viaide - ok

14:44:27.0624 5904        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

14:44:27.0697 5904        volmgr - ok

14:44:27.0739 5904        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

14:44:27.0823 5904        volmgrx - ok

14:44:27.0878 5904        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

14:44:27.0965 5904        volsnap - ok

14:44:28.0018 5904        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

14:44:28.0089 5904        vsmraid - ok

14:44:28.0128 5904        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

14:44:28.0214 5904        vwifibus - ok

14:44:28.0260 5904        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

14:44:28.0337 5904        vwififlt - ok

14:44:28.0428 5904        vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

14:44:28.0515 5904        vwifimp - ok

14:44:28.0576 5904        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

14:44:28.0677 5904        WacomPen - ok

14:44:28.0799 5904        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

14:44:28.0937 5904        WANARP - ok

14:44:28.0955 5904        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

14:44:29.0069 5904        Wanarpv6 - ok

14:44:29.0295 5904        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

14:44:29.0352 5904        Wd - ok

14:44:29.0404 5904        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

14:44:29.0497 5904        Wdf01000 - ok

14:44:29.0706 5904        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

14:44:29.0833 5904        WfpLwf - ok

14:44:30.0096 5904        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

14:44:30.0163 5904        WIMMount - ok

14:44:30.0386 5904        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

14:44:30.0467 5904        WmiAcpi - ok

14:44:30.0730 5904        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

14:44:30.0864 5904        ws2ifsl - ok

14:44:31.0012 5904        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

14:44:31.0149 5904        WudfPf - ok

14:44:31.0267 5904        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:44:31.0377 5904        WUDFRd - ok

14:44:31.0530 5904        ZTEusbmdm6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

14:44:31.0675 5904        ZTEusbmdm6k - ok

14:44:31.0774 5904        ZTEusbnet       (9862f9d2ff50ae748ed42c022e6aac15) C:\Windows\system32\DRIVERS\ZTEusbnet.sys

14:44:31.0907 5904        ZTEusbnet - ok

14:44:32.0019 5904        ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

14:44:32.0192 5904        ZTEusbnmea - ok

14:44:32.0302 5904        ZTEusbser6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

14:44:32.0389 5904        ZTEusbser6k - ok

14:44:32.0430 5904        ZTEusbvoice     (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys

14:44:32.0521 5904        ZTEusbvoice - ok

14:44:32.0598 5904        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:44:32.0826 5904        \Device\Harddisk0\DR0 - ok

14:44:32.0843 5904        Boot (0x1200)   (a06662882eb9310df21722fe53a799e9) \Device\Harddisk0\DR0\Partition0

14:44:32.0845 5904        \Device\Harddisk0\DR0\Partition0 - ok

14:44:32.0861 5904        Boot (0x1200)   (00fbd6a8de93ed48f849a37cbe59a8f8) \Device\Harddisk0\DR0\Partition1

14:44:32.0863 5904        \Device\Harddisk0\DR0\Partition1 - ok

14:44:32.0882 5904        Boot (0x1200)   (886be5f3db714a0808fbd86a07cf5a56) \Device\Harddisk0\DR0\Partition2

14:44:32.0885 5904        \Device\Harddisk0\DR0\Partition2 - ok

14:44:32.0886 5904        ============================================================

14:44:32.0886 5904        Scan finished

14:44:32.0886 5904        ============================================================

14:44:32.0923 4236        Detected object count: 1

14:44:32.0923 4236        Actual detected object count: 1

14:44:48.0028 4236        sptd ( LockedFile.Multi.Generic ) - skipped by user

14:44:48.0028 4236        sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Sieht gar nicht so schlecht aus, oder?

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hi cosinus,

hier der Bericht von CF:

Combofix Logfile:

Code:

ComboFix 12-01-02.01 - XXXX 02.01.2012  15:26:17.1.4 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.1013.388 [GMT 1:00]

ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\XXXX\Documents\~WRL0003.tmp

c:\windows\$NtUninstallKB8252$

c:\windows\$NtUninstallKB8252$\3152536925

c:\windows\$NtUninstallKB8252$\3954193523\@

c:\windows\$NtUninstallKB8252$\3954193523\L\xadqgnnk

c:\windows\$NtUninstallKB8252$\3954193523\loader.tlb

c:\windows\$NtUninstallKB8252$\3954193523\U\@00000001

c:\windows\$NtUninstallKB8252$\3954193523\U\@000000c0

c:\windows\$NtUninstallKB8252$\3954193523\U\@000000cb

c:\windows\$NtUninstallKB8252$\3954193523\U\@000000cf

c:\windows\$NtUninstallKB8252$\3954193523\U\@80000000

c:\windows\$NtUninstallKB8252$\3954193523\U\@800000c0

c:\windows\$NtUninstallKB8252$\3954193523\U\@800000cb

c:\windows\$NtUninstallKB8252$\3954193523\U\@800000cf

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))

.

.

2012-01-02 14:44 . 2012-01-02 14:47        --------        d-----w-        c:\users\XXXX\AppData\Local\temp

2012-01-02 14:44 . 2012-01-02 14:44        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-02 14:35 . 2012-01-02 14:46        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B23F984-7874-413C-B169-8E70F000B7DE}\offreg.dll

2012-01-02 14:35 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B23F984-7874-413C-B169-8E70F000B7DE}\mpengine.dll

2012-01-02 14:22 . 2011-04-25 02:18        338944        ----a-w-        c:\windows\system32\drivers\afd.sys

2012-01-02 13:01 . 2012-01-02 13:01        --------        d-----w-        C:\_OTL

2011-12-31 06:18 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-30 19:54 . 2011-12-30 19:54        --------        d-----w-        c:\users\XXXX\AppData\Local\Amazon

2011-12-30 19:54 . 2011-12-30 19:54        --------        d-----w-        c:\program files\Amazon

2011-12-30 14:08 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys

2011-12-30 14:08 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-30 14:07 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-30 14:07 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-30 14:06 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-12-30 14:06 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-12-30 04:56 . 2011-12-30 04:56        --------        d-----w-        c:\program files\ESET

2011-12-29 17:18 . 2011-12-29 17:18        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Malwarebytes

2011-12-29 17:17 . 2011-12-29 17:17        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-29 17:17 . 2011-12-31 06:18        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-12-26 18:04 . 2011-12-30 13:37        --------        d-----w-        C:\Closeall

2011-12-14 11:22 . 2011-12-14 11:22        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Rovio

2011-12-14 11:20 . 2011-12-30 13:37        --------        d-----w-        c:\program files\AngryBirds

2011-12-14 09:18 . 2011-12-30 13:37        --------        d-----w-        c:\program files\Finale 2009 Demo

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-27 08:46 . 2011-11-27 08:46        1409        ----a-w-        c:\windows\QTFont.for

2011-11-21 10:47 . 2011-08-01 19:21        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-18 13:32 . 2011-11-18 13:32        499712        ----a-w-        c:\windows\system32\msvcp71.dll

2011-11-18 13:32 . 2011-11-18 13:32        348160        ----a-w-        c:\windows\system32\msvcr71.dll

2011-11-11 18:36 . 2011-06-05 14:32        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-11 07:30 . 2011-10-11 07:31        703824        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91F289DD-5888-4D1D-A290-EC24EF7F5FB1}\gapaengine.dll

2010-03-31 09:09 . 2010-03-31 09:09        10437264        ----a-w-        c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 11:36 . 2010-04-08 11:36        107760        ----a-w-        c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2011-11-10 05:35 . 2011-06-05 14:21        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-18 296056]

"Uniboard virtual printer agent"="c:\program files\Uniboard 4\ubrdagent.exe" [2009-08-27 94208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]

2010-06-11 12:28        715296        ----a-w-        c:\program files\Acer\Acer ePower Management\ePowerTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager]

2010-01-08 09:47        508280        ----a-w-        c:\program files\Acer\Android Manager\AML.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Netzwerk)]

2011-07-19 06:02        201216        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-20 17:47        136176        ----atw-        c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPatchData]

2010-11-30 02:13        489848        ----a-w-        c:\program files\Acer\Updater\iUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncData]

2010-01-08 09:53        407416        ----a-w-        c:\program files\Acer\Android Manager\iSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2010-06-22 06:34        968272        ----a-w-        c:\program files\Launch Manager\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]

2009-04-20 16:20        2327552        ----a-w-        c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x]

R1 MpKsl0415a17a;MpKsl0415a17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CAFB7B-B1A4-4BC6-965D-53A2EBFF0EC6}\MpKsl0415a17a.sys [x]

R1 MpKsl0ce4fbda;MpKsl0ce4fbda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{226C1614-04E9-4FA7-8A85-43351DF1452E}\MpKsl0ce4fbda.sys [x]

R1 MpKsl0fec7b90;MpKsl0fec7b90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5363F6DE-C0E9-42E1-9D19-A6A03AF97927}\MpKsl0fec7b90.sys [x]

R1 MpKsl196bd21b;MpKsl196bd21b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583F41C-7C3C-428A-9F94-0241211680EA}\MpKsl196bd21b.sys [x]

R1 MpKsl2607df49;MpKsl2607df49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC8F7EFF-663D-47CA-8E8D-A2F08CB20CA1}\MpKsl2607df49.sys [x]

R1 MpKsl264939d0;MpKsl264939d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl264939d0.sys [x]

R1 MpKsl29daf26c;MpKsl29daf26c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl29daf26c.sys [x]

R1 MpKsl2ff64951;MpKsl2ff64951;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl2ff64951.sys [x]

R1 MpKsl3157fefe;MpKsl3157fefe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl3157fefe.sys [x]

R1 MpKsl32784dd6;MpKsl32784dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl32784dd6.sys [x]

R1 MpKsl39de850c;MpKsl39de850c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl39de850c.sys [x]

R1 MpKsl3b15d3df;MpKsl3b15d3df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CD785C-CEC5-4269-A8C0-02BE77C7276A}\MpKsl3b15d3df.sys [x]

R1 MpKsl3b20d1df;MpKsl3b20d1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9247875B-6B15-4054-94B1-36A342ACCA51}\MpKsl3b20d1df.sys [x]

R1 MpKsl42ad931c;MpKsl42ad931c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4314C7D-B49C-4236-8AF5-4AF0A1CB514C}\MpKsl42ad931c.sys [x]

R1 MpKsl4b58eb93;MpKsl4b58eb93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl4b58eb93.sys [x]

R1 MpKsl530ba384;MpKsl530ba384;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B655E456-CA33-44A9-876F-2566EF045783}\MpKsl530ba384.sys [x]

R1 MpKsl56cbc87c;MpKsl56cbc87c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BAF7D75-2455-4C12-B3DB-2627F7E0C222}\MpKsl56cbc87c.sys [x]

R1 MpKsl591c3512;MpKsl591c3512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2309F098-9DF0-4428-A04B-4E4C3A860FA9}\MpKsl591c3512.sys [x]

R1 MpKsl5dd51386;MpKsl5dd51386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl5dd51386.sys [x]

R1 MpKsl60a39861;MpKsl60a39861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A559CAC5-CCC0-44CA-BD53-7D16E39A2950}\MpKsl60a39861.sys [x]

R1 MpKsl66ddca17;MpKsl66ddca17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDFA5914-EF9B-4DCD-AF44-8A45F460628E}\MpKsl66ddca17.sys [x]

R1 MpKsl73a19290;MpKsl73a19290;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31463DE6-8107-4DCB-A1B2-7E1C67449C78}\MpKsl73a19290.sys [x]

R1 MpKsl8250f1ca;MpKsl8250f1ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE7DB756-E1A3-4734-971D-0224EF1824FB}\MpKsl8250f1ca.sys [x]

R1 MpKsl87dd9996;MpKsl87dd9996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl87dd9996.sys [x]

R1 MpKsl8c8877d0;MpKsl8c8877d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10975C14-CC0D-4EC9-BB16-8B882079BDBB}\MpKsl8c8877d0.sys [x]

R1 MpKsl9adc85e3;MpKsl9adc85e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CB37EA3-803A-4B4F-B500-D2E904DEB5FF}\MpKsl9adc85e3.sys [x]

R1 MpKslabc6275f;MpKslabc6275f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E30EB4AE-B0CC-4648-9C99-937033DE171F}\MpKslabc6275f.sys [x]

R1 MpKslacd9d4c8;MpKslacd9d4c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKslacd9d4c8.sys [x]

R1 MpKslad072f99;MpKslad072f99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71A4E9C-600F-4777-A00A-86BDF0B458C1}\MpKslad072f99.sys [x]

R1 MpKslafa01a84;MpKslafa01a84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5074FC6-C8A1-4C9E-84FC-A1F015AF4F85}\MpKslafa01a84.sys [x]

R1 MpKslbed8239e;MpKslbed8239e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4968A468-FEC9-432D-8334-ED6D41CAB976}\MpKslbed8239e.sys [x]

R1 MpKslcf848c6c;MpKslcf848c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4984F29D-9D0F-41B0-84A8-9C1A7995DC08}\MpKslcf848c6c.sys [x]

R1 MpKsld0bc60c8;MpKsld0bc60c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsld0bc60c8.sys [x]

R1 MpKsld47cdf20;MpKsld47cdf20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFBD7F7-F09B-45DA-9E1D-1CBD3B15AB2B}\MpKsld47cdf20.sys [x]

R1 MpKsld6316ddf;MpKsld6316ddf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2C2A1ED-AD6E-4C44-8B4C-A63EBFF9C180}\MpKsld6316ddf.sys [x]

R1 MpKsld7678723;MpKsld7678723;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F4C0B7-3720-46E0-BEC8-D25CE2AD277B}\MpKsld7678723.sys [x]

R1 MpKslf78ff9e9;MpKslf78ff9e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{257C8F7F-1361-4019-9037-D54251CEAC24}\MpKslf78ff9e9.sys [x]

R1 MpKslf96a787e;MpKslf96a787e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C3E59AE-123D-4005-A46C-B327BFC4A587}\MpKslf96a787e.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1343400]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]

R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]

R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-06-22 321104]

R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]

R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]

R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]

R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-10-05 237056]

R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-10-05 1060352]

R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-10-05 484352]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job

- c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job

- c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

mStart Page = 

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\

FF - prefs.js: browser.search.selectedEngine - Google.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\windows\System32\LocationNotifications.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-01-02  15:53:54 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-01-02 14:53

.

Vor Suchlauf: 13 Verzeichnis(se), 166.733.926.400 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 166.488.657.920 Bytes frei

.

- - End Of File - - ABD854930188BB9EC9AE5AD07FFB25E4

--- --- ---

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

File::

c:\windows\system32\drivers\rdvgkmd.sys
 

Driver::

VGPU

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo,

hier das Logfile:
Combofix Logfile:

Code:

ComboFix 12-01-02.01 - XXX 02.01.2012  16:41:41.2.4 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.1013.248 [GMT 1:00]

ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\XXX\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\rdvgkmd.sys"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_VGPU

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))

.

.

2012-01-02 15:59 . 2012-01-02 15:59        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-02 15:30 . 2012-01-02 15:30        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\MpKsl9bb1ceb2.sys

2012-01-02 15:30 . 2012-01-02 16:01        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\offreg.dll

2012-01-02 15:30 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\mpengine.dll

2012-01-02 14:44 . 2012-01-02 16:01        --------        d-----w-        c:\users\XXX\AppData\Local\temp

2012-01-02 14:22 . 2011-04-25 02:18        338944        ----a-w-        c:\windows\system32\drivers\afd.sys

2012-01-02 13:01 . 2012-01-02 13:01        --------        d-----w-        C:\_OTL

2011-12-31 06:18 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-30 19:54 . 2011-12-30 19:54        --------        d-----w-        c:\users\XXX\AppData\Local\Amazon

2011-12-30 19:54 . 2011-12-30 19:54        --------        d-----w-        c:\program files\Amazon

2011-12-30 14:08 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys

2011-12-30 14:08 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-30 14:07 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-30 14:07 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-30 14:06 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-12-30 14:06 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-12-30 04:56 . 2011-12-30 04:56        --------        d-----w-        c:\program files\ESET

2011-12-29 17:18 . 2011-12-29 17:18        --------        d-----w-        c:\users\XXX\AppData\Roaming\Malwarebytes

2011-12-29 17:17 . 2011-12-29 17:17        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-29 17:17 . 2011-12-31 06:18        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-12-26 18:04 . 2011-12-30 13:37        --------        d-----w-        C:\Closeall

2011-12-14 11:22 . 2011-12-14 11:22        --------        d-----w-        c:\users\XXX\AppData\Roaming\Rovio

2011-12-14 11:20 . 2011-12-30 13:37        --------        d-----w-        c:\program files\AngryBirds

2011-12-14 09:18 . 2011-12-30 13:37        --------        d-----w-        c:\program files\Finale 2009 Demo

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-27 08:46 . 2011-11-27 08:46        1409        ----a-w-        c:\windows\QTFont.for

2011-11-21 10:47 . 2011-08-01 19:21        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-18 13:32 . 2011-11-18 13:32        499712        ----a-w-        c:\windows\system32\msvcp71.dll

2011-11-18 13:32 . 2011-11-18 13:32        348160        ----a-w-        c:\windows\system32\msvcr71.dll

2011-11-11 18:36 . 2011-06-05 14:32        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-11 07:30 . 2011-10-11 07:31        703824        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91F289DD-5888-4D1D-A290-EC24EF7F5FB1}\gapaengine.dll

2010-03-31 09:09 . 2010-03-31 09:09        10437264        ----a-w-        c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 11:36 . 2010-04-08 11:36        107760        ----a-w-        c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2011-11-10 05:35 . 2011-06-05 14:21        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-18 296056]

"Uniboard virtual printer agent"="c:\program files\Uniboard 4\ubrdagent.exe" [2009-08-27 94208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]

2010-06-11 12:28        715296        ----a-w-        c:\program files\Acer\Acer ePower Management\ePowerTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager]

2010-01-08 09:47        508280        ----a-w-        c:\program files\Acer\Android Manager\AML.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Netzwerk)]

2011-07-19 06:02        201216        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-20 17:47        136176        ----atw-        c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPatchData]

2010-11-30 02:13        489848        ----a-w-        c:\program files\Acer\Updater\iUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncData]

2010-01-08 09:53        407416        ----a-w-        c:\program files\Acer\Android Manager\iSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2010-06-22 06:34        968272        ----a-w-        c:\program files\Launch Manager\LManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]

2009-04-20 16:20        2327552        ----a-w-        c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x]

R1 MpKsl0415a17a;MpKsl0415a17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CAFB7B-B1A4-4BC6-965D-53A2EBFF0EC6}\MpKsl0415a17a.sys [x]

R1 MpKsl0ce4fbda;MpKsl0ce4fbda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{226C1614-04E9-4FA7-8A85-43351DF1452E}\MpKsl0ce4fbda.sys [x]

R1 MpKsl0fec7b90;MpKsl0fec7b90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5363F6DE-C0E9-42E1-9D19-A6A03AF97927}\MpKsl0fec7b90.sys [x]

R1 MpKsl196bd21b;MpKsl196bd21b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583F41C-7C3C-428A-9F94-0241211680EA}\MpKsl196bd21b.sys [x]

R1 MpKsl2607df49;MpKsl2607df49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC8F7EFF-663D-47CA-8E8D-A2F08CB20CA1}\MpKsl2607df49.sys [x]

R1 MpKsl264939d0;MpKsl264939d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl264939d0.sys [x]

R1 MpKsl29daf26c;MpKsl29daf26c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl29daf26c.sys [x]

R1 MpKsl2ff64951;MpKsl2ff64951;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl2ff64951.sys [x]

R1 MpKsl3157fefe;MpKsl3157fefe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl3157fefe.sys [x]

R1 MpKsl32784dd6;MpKsl32784dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl32784dd6.sys [x]

R1 MpKsl39de850c;MpKsl39de850c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl39de850c.sys [x]

R1 MpKsl3b15d3df;MpKsl3b15d3df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CD785C-CEC5-4269-A8C0-02BE77C7276A}\MpKsl3b15d3df.sys [x]

R1 MpKsl3b20d1df;MpKsl3b20d1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9247875B-6B15-4054-94B1-36A342ACCA51}\MpKsl3b20d1df.sys [x]

R1 MpKsl42ad931c;MpKsl42ad931c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4314C7D-B49C-4236-8AF5-4AF0A1CB514C}\MpKsl42ad931c.sys [x]

R1 MpKsl4b58eb93;MpKsl4b58eb93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl4b58eb93.sys [x]

R1 MpKsl530ba384;MpKsl530ba384;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B655E456-CA33-44A9-876F-2566EF045783}\MpKsl530ba384.sys [x]

R1 MpKsl56cbc87c;MpKsl56cbc87c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BAF7D75-2455-4C12-B3DB-2627F7E0C222}\MpKsl56cbc87c.sys [x]

R1 MpKsl591c3512;MpKsl591c3512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2309F098-9DF0-4428-A04B-4E4C3A860FA9}\MpKsl591c3512.sys [x]

R1 MpKsl5dd51386;MpKsl5dd51386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl5dd51386.sys [x]

R1 MpKsl60a39861;MpKsl60a39861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A559CAC5-CCC0-44CA-BD53-7D16E39A2950}\MpKsl60a39861.sys [x]

R1 MpKsl66ddca17;MpKsl66ddca17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDFA5914-EF9B-4DCD-AF44-8A45F460628E}\MpKsl66ddca17.sys [x]

R1 MpKsl73a19290;MpKsl73a19290;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31463DE6-8107-4DCB-A1B2-7E1C67449C78}\MpKsl73a19290.sys [x]

R1 MpKsl8250f1ca;MpKsl8250f1ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE7DB756-E1A3-4734-971D-0224EF1824FB}\MpKsl8250f1ca.sys [x]

R1 MpKsl87dd9996;MpKsl87dd9996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl87dd9996.sys [x]

R1 MpKsl8c8877d0;MpKsl8c8877d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10975C14-CC0D-4EC9-BB16-8B882079BDBB}\MpKsl8c8877d0.sys [x]

R1 MpKsl9adc85e3;MpKsl9adc85e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CB37EA3-803A-4B4F-B500-D2E904DEB5FF}\MpKsl9adc85e3.sys [x]

R1 MpKslabc6275f;MpKslabc6275f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E30EB4AE-B0CC-4648-9C99-937033DE171F}\MpKslabc6275f.sys [x]

R1 MpKslacd9d4c8;MpKslacd9d4c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKslacd9d4c8.sys [x]

R1 MpKslad072f99;MpKslad072f99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71A4E9C-600F-4777-A00A-86BDF0B458C1}\MpKslad072f99.sys [x]

R1 MpKslafa01a84;MpKslafa01a84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5074FC6-C8A1-4C9E-84FC-A1F015AF4F85}\MpKslafa01a84.sys [x]

R1 MpKslbed8239e;MpKslbed8239e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4968A468-FEC9-432D-8334-ED6D41CAB976}\MpKslbed8239e.sys [x]

R1 MpKslcf848c6c;MpKslcf848c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4984F29D-9D0F-41B0-84A8-9C1A7995DC08}\MpKslcf848c6c.sys [x]

R1 MpKsld0bc60c8;MpKsld0bc60c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsld0bc60c8.sys [x]

R1 MpKsld47cdf20;MpKsld47cdf20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFBD7F7-F09B-45DA-9E1D-1CBD3B15AB2B}\MpKsld47cdf20.sys [x]

R1 MpKsld6316ddf;MpKsld6316ddf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2C2A1ED-AD6E-4C44-8B4C-A63EBFF9C180}\MpKsld6316ddf.sys [x]

R1 MpKsld7678723;MpKsld7678723;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F4C0B7-3720-46E0-BEC8-D25CE2AD277B}\MpKsld7678723.sys [x]

R1 MpKslf78ff9e9;MpKslf78ff9e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{257C8F7F-1361-4019-9037-D54251CEAC24}\MpKslf78ff9e9.sys [x]

R1 MpKslf96a787e;MpKslf96a787e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C3E59AE-123D-4005-A46C-B327BFC4A587}\MpKslf96a787e.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]

R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1343400]

R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]

R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]

R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-06-22 321104]

R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]

R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]

R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]

R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-10-05 237056]

R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-10-05 1060352]

R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-10-05 484352]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 MpKsl9bb1ceb2;MpKsl9bb1ceb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\MpKsl9bb1ceb2.sys [2012-01-02 29904]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]

.

2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job

- c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job

- c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

mStart Page = 

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\

FF - prefs.js: browser.search.selectedEngine - Google.de

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\LocationNotifications.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-01-02  17:07:43 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-01-02 16:07

ComboFix2.txt  2012-01-02 14:53

.

Vor Suchlauf: 18 Verzeichnis(se), 166.298.136.576 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 166.261.014.528 Bytes frei

.

- - End Of File - - E7AA46074EE18DE81C3215D70E28B926

--- --- ---

Leider habe ich die Windows-Firewall nicht deaktivieren können... hoffe die Aktion hat trotzdem Aussicht auf Erfolg.

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).