Trojaner-Board (https://www.trojaner-board.de/)
Section: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Problems with Sirefef.P (https://www.trojaner-board.de/107168-probleme-sirefef-p.html)

biberbruder 29.12.2011 12:57

Problems with Sirefef.P

Hello,

I have had problems with the trojan Win32:Sirefef.P for 3 days.
The first alert came 3 days ago from MSE, whereupon I let MSE carry out the recommended action (remove). After the restart Sirefef.P had disappeared, but MSE now showed 3 threats instead (including another Sirefef (possibly .S)). After I let MSE apply the recommended settings here too, another warning about a threat appeared after the required restart: Sirefef.P.

I then researched online and tried to remove Sirefef.P manually, but the first step would have been to stop the process in Task Manager, where I could not find any entry.
So I kept researching and quickly came across this forum.
To avert greater damage I took no further remediation steps. Instead I downloaded defogger, OTL and gmer32 and ran them according to the given instructions.
defogger and OTL ran without problems; gmer32 only worked after several attempts, the PC kept freezing.

My questions:

Is my system still salvageable?
How should I proceed?
Or is a reinstall called for?

Thanks for your efforts

biberbruder

cosinus 29.12.2011 17:55

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

biberbruder 31.12.2011 10:53

Hello, I had Malwarebytes scan the system; several threats were found and removed:

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
XXXX :: XXXX-PC [Administrator]

Schutz: Aktiviert

29.12.2011 20:21:01
mbam-log-2011-12-29 (20-21-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 330929
Laufzeit: 2 Stunde(n), 58 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\kbsetup.exe (Trojan.Agent) -> 3668 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kbsetup (Trojan.Agent) -> Daten: C:\ProgramData\kbsetup.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kbsetup (Trojan.Agent) -> Daten: C:\ProgramData\kbsetup.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|isomob (Trojan.Agent) -> Daten: C:\Users\XXXX\AppData\Roaming\isomob.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|isomob (Trojan.Agent) -> Daten: C:\Users\XXXX\AppData\Roaming\isomob.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\XXXX\Downloads\SoftonicDownloader_fuer_finale-notepad.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\ProgramData\kbsetup.exe (Trojan.Agent) -> Löschen bei Neustart.
C:\Users\XXXX\AppData\Roaming\isomob.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INEKYBMO\7[1].exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRGP740H\3[1].exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXXX\AppData\Local\Temp\E2DE.tmp (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXXX\AppData\Local\Temp\comphost.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.

(Ende)

After that, however, I could no longer get online, so I performed a System Restore as suggested by Win7.
After that I had internet access again and immediately ran ESET:

Code:

ESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b70e722ff8caf44924be74966fd304d
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-30 02:07:16
# local_time=2011-12-30 03:07:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13120258 76884289 0 0
# compatibility_mode=8192 67108863 100 0 35680 35680 0 0
# scanned=4048
# found=0
# cleaned=0
# scan_time=934
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b70e722ff8caf44924be74966fd304d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 01:05:05
# local_time=2011-12-31 02:05:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13143637 76907668 0 0
# compatibility_mode=8192 67108863 100 0 59059 59059 0 0
# scanned=216453
# found=3
# cleaned=0
# scan_time=17028
C:\Users\XXXX\AppData\Local\ebb03473\U\800000c0.@        a variant of Win32/Sirefef.CH trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\XXXX\Downloads\SoftonicDownloader_for_anvil-studio.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\XXXX\Downloads\SoftonicDownloader_fuer_free-avi-mpeg-wmv-mp4-flv-video-joiner.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b70e722ff8caf44924be74966fd304d
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 05:46:04
# local_time=2011-12-31 06:46:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13176961 76940992 0 0
# compatibility_mode=8192 67108863 100 0 92383 92383 0 0
# scanned=4034
# found=0
# cleaned=0
# scan_time=563

I even ran it several times; in between I deleted the files it had reported as UNABLE TO CLEAN with shift+del.

Am I clean?
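The two logs above contain findings in three different states (quarantined, delete on reboot, no action / unable to clean), and that distinction is what decides whether a follow-up scan is needed. The following triage helper is an added example, not code from the thread or from Malwarebytes or ESET; it parses the German MBAM 1.60 result lines and the ESET Online Scanner finding lines in the formats posted above, on constructed sample lines taken from those logs, and lists what still needs attention.

```python
"""Triage the Malwarebytes and ESET Online Scanner logs posted in this thread.

Added example, not code from the thread or from either vendor. It reads the
German MBAM 1.60 result lines and the ESET finding lines in the formats shown
above and separates findings that were actually quarantined from those that
still need follow-up (delete on reboot, no action, unable to clean), flagging
Sirefef/ZeroAccess traces on top, which is why a fresh OTL log was requested
instead of declaring the machine clean.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the format of the MBAM log above ('XXXX' is the
# anonymised user name from the posted log).
SAMPLE_MBAM = r"""
Infizierte Speicherprozesse: 1
C:\ProgramData\kbsetup.exe (Trojan.Agent) -> 3668 -> Löschen bei Neustart.

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kbsetup (Trojan.Agent) -> Daten: C:\ProgramData\kbsetup.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\Users\XXXX\Downloads\SoftonicDownloader_fuer_finale-notepad.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\XXXX\AppData\Roaming\isomob.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.
(Ende)
"""

# Constructed sample in the format of the ESET log above: path, description,
# a hash column and a flag, separated by tabs or runs of spaces.
SAMPLE_ESET = r"""
# found=2
# cleaned=0
C:\Users\XXXX\AppData\Local\ebb03473\U\800000c0.@        a variant of Win32/Sirefef.CH trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\XXXX\Downloads\SoftonicDownloader_for_anvil-studio.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
"""

# MBAM (German UI) action strings exactly as they appear in the posted log.
MBAM_ACTIONS = {
    "Erfolgreich gelöscht und in Quarantäne gestellt.": "quarantined",
    "Löschen bei Neustart.": "delete_on_reboot",
    "Keine Aktion durchgeführt.": "no_action",
}

# Sirefef/ZeroAccess traces seen in the thread: the GAC_MSIL\Desktop.ini
# hiding place (MBAM) and the <hex>\U\<hex>.@ payload store (ESET).
ZEROACCESS_PATH = re.compile(
    r"\\assembly\\GAC_MSIL\\Desktop\.ini$|\\U\\[0-9a-f]{8}\.@$", re.IGNORECASE)

# "<target> (<detection>) -> <details> -> <action>"
MBAM_LINE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    scanner: str
    target: str   # file path or registry key|value
    name: str     # detection name as reported by the scanner
    action: str   # quarantined | delete_on_reboot | no_action | unable_to_clean | unknown

    def is_zeroaccess(self) -> bool:
        low = self.name.lower()
        return "sirefef" in low or "0access" in low or bool(ZEROACCESS_PATH.search(self.target))

    def resolved(self) -> bool:
        # Only a completed quarantine counts; "delete on reboot" has to be
        # confirmed by a later scan, and "no action" means the file is still there.
        return self.action == "quarantined"


def parse_mbam(text: str) -> list[Finding]:
    out = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue  # section headers, blanks, "(Keine bösartigen Objekte gefunden)"
        action_text = m.group("rest").split(" -> ")[-1].strip()
        out.append(Finding("mbam", m.group("target"), m.group("name"),
                           MBAM_ACTIONS.get(action_text, "unknown")))
    return out


def parse_eset(text: str) -> list[Finding]:
    out = []
    for line in text.splitlines():
        if not re.match(r"^[A-Za-z]:\\", line):
            continue  # "# key=value" header lines carry no findings
        parts = re.split(r"\t|\s{2,}", line.strip())
        if len(parts) < 2:
            continue
        path, desc = parts[0], parts[1]
        action = "unable_to_clean" if "(unable to clean)" in desc else "unknown"
        out.append(Finding("eset", path, desc.replace(" (unable to clean)", ""), action))
    return out


def needs_followup(findings: list[Finding]) -> list[Finding]:
    """Everything not confirmed quarantined, plus any rootkit trace even if quarantined."""
    return [f for f in findings if not f.resolved() or f.is_zeroaccess()]


if __name__ == "__main__":
    for f in needs_followup(parse_mbam(SAMPLE_MBAM) + parse_eset(SAMPLE_ESET)):
        tag = " [ZeroAccess trace]" if f.is_zeroaccess() else ""
        print(f"{f.scanner:4} {f.action:16} {f.name} -- {f.target}{tag}")
```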

cosinus 31.12.2011 15:52

Quote:

Am I clean?
No. That will still be quite a bit of work. Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


biberbruder 31.12.2011 17:45

Hello,

what a shame, I celebrated too early...

Here is the logfile:

Code:

OTL logfile created on: 31.12.2011 16:48:59 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\XXXX\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 332,82 Mb Available Physical Memory | 32,85% Memory free
1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 154,33 Gb Free Space | 71,52% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,63 Gb Free Space | 65,88% Space Free | Partition Type: FAT32
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.31 16:45:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
PRC - [2011.11.18 14:32:23 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.08.02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.10.13 18:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 18:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.08.27 09:38:50 | 000,094,208 | ---- | M] () -- C:\Programme\Uniboard 4\ubrdagent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.08.27 09:38:50 | 000,094,208 | ---- | M] () -- C:\Programme\Uniboard 4\ubrdagent.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.02 07:39:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.25 10:41:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.10.05 15:28:12 | 001,060,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010.10.05 15:27:52 | 000,484,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010.10.05 15:24:38 | 000,237,056 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 13:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.10.13 18:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.31 06:54:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKsl8c89c6b4.sys -- (MpKsl8c89c6b4)
DRV - [2011.09.25 09:11:49 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.06.17 07:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.05.31 05:04:30 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2010.05.20 07:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.04.09 13:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 13:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2007.07.31 18:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\XXXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\XXXX\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\XXXX\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.30 14:37:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.18 16:18:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.21 21:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.09 06:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.06.16 09:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
[2011.06.16 09:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.30 14:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions
[2011.10.22 19:20:28 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.12.30 14:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.07 18:02:48 | 000,002,101 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\searchplugins\googlede.xml
[2011.07.07 16:58:20 | 000,002,057 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\searchplugins\youtube-videosuche.xml
[2011.11.10 06:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.30 14:37:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WO2DMO0J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.10 06:35:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011.11.10 06:35:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.10 06:35:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.10 06:35:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.23 15:55:32 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.10 06:35:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.10 06:35:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.10 06:35:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Uniboard virtual printer agent] C:\Program Files\Uniboard 4\ubrdagent.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\XXXX\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20598892-8B40-43DF-B754-481AD76FDDA3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{709FF3B3-B061-4D85-84CF-6A799690F29C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,001 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,048 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell - "" = AutoRun
O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Acer ePower Management - hkey= - key= - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AndroidManager - hkey= - key= - C:\Programme\Acer\Android Manager\AML.exe ()
MsConfig - StartUpReg: Epson Stylus SX525WD(Netzwerk) - hkey= - key= -  File not found
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iPatchData - hkey= - key= - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
MsConfig - StartUpReg: iSyncData - hkey= - key= - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.31 16:45:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2011.12.31 07:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.31 07:18:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.30 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\My Kindle Content
[2011.12.30 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.30 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Amazon
[2011.12.30 20:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.12.30 05:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.29 18:18:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2011.12.29 18:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.29 18:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 19:04:23 | 000,000,000 | ---D | C] -- C:\Closeall
[2011.12.14 16:47:25 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\IdaAustralien
[2011.12.14 12:22:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Rovio
[2011.12.14 12:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\AngryBirds
[2011.12.14 10:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Finale 2009 Demo
[2011.12.02 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei
[1 C:\Users\XXXX\Documents\*.tmp files -> C:\Users\XXXX\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 16:45:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2011.12.31 16:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
[2011.12.31 16:42:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.31 16:41:55 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
[2011.12.31 16:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.31 10:12:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
[2011.12.31 07:18:37 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.31 07:01:55 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 07:01:55 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 06:54:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.31 06:54:17 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.31 03:37:48 | 000,535,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.31 03:05:14 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.31 03:05:14 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.31 03:05:14 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.31 03:05:14 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.30 20:54:52 | 000,001,948 | ---- | M] () -- C:\Users\XXXX\Desktop\Kindle.lnk
[2011.12.30 20:45:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
[2011.12.30 14:44:20 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.12.29 12:55:48 | 000,023,225 | ---- | M] () -- C:\Users\XXXX\Desktop\gmer_OTL_Extras.zip
[2011.12.28 08:49:20 | 000,000,176 | ---- | M] () -- C:\Users\XXXX\defogger_reenable
[2011.12.16 18:06:33 | 052,028,492 | ---- | M] () -- C:\Users\XXXX\Desktop\Dominion_20Anleitung_F8.flv
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 14:02:28 | 002,053,763 | ---- | M] () -- C:\Users\XXXX\Desktop\TK-Broschuere-Der-Ruecken.pdf
[2011.12.06 18:00:12 | 193,135,969 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\XXXX\Documents\*.tmp files -> C:\Users\XXXX\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.31 07:18:37 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.30 20:54:52 | 000,001,948 | ---- | C] () -- C:\Users\XXXX\Desktop\Kindle.lnk
[2011.12.29 12:55:16 | 000,023,225 | ---- | C] () -- C:\Users\XXXX\Desktop\gmer_OTL_Extras.zip
[2011.12.28 08:48:36 | 000,000,176 | ---- | C] () -- C:\Users\XXXX\defogger_reenable
[2011.12.16 18:02:32 | 052,028,492 | ---- | C] () -- C:\Users\XXXX\Desktop\Dominion_20Anleitung_F8.flv
[2011.12.09 14:02:28 | 002,053,763 | ---- | C] () -- C:\Users\XXXX\Desktop\TK-Broschuere-Der-Ruecken.pdf
[2011.12.06 09:26:49 | 000,004,032 | ---- | C] () -- C:\Users\XXXX\Documents\peoleo lol.cad
[2011.11.30 15:17:01 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ubrdpm.dll
[2011.11.15 11:04:40 | 000,004,608 | ---- | C] () -- C:\Users\XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.11 15:51:50 | 000,083,968 | ---- | C] () -- C:\Windows\System32\bvcsky.dll
[2011.11.04 17:18:04 | 000,125,952 | ---- | C] () -- C:\Windows\System32\ZLhp1600.DLL
[2011.11.02 08:24:27 | 000,000,132 | ---- | C] () -- C:\Windows\KTEL.INI
[2011.10.03 09:02:12 | 000,000,120 | ---- | C] () -- C:\Windows\pear.ini
[2011.10.03 08:32:41 | 000,032,768 | ---- | C] () -- C:\Windows\php_yaz.dll
[2011.10.03 08:15:37 | 000,000,521 | ---- | C] () -- C:\Windows\my.ini
[2011.09.15 08:53:03 | 000,090,112 | ---- | C] () -- C:\Windows\System32\nccad432.dll
[2011.08.09 06:47:29 | 000,000,049 | ---- | C] () -- C:\Windows\PD.INI
[2011.06.23 15:26:53 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011.06.13 12:00:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.13 11:56:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.05 15:22:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.17 19:21:36 | 000,337,920 | ---- | C] () -- C:\Windows\System32\ZSHP1600.EXE
[2010.09.14 07:55:13 | 000,656,266 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.09.14 07:55:13 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.09.14 07:55:13 | 000,131,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.09.14 07:55:13 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.08.05 15:00:20 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll
[2010.08.05 14:39:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.05 14:30:52 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010.08.05 14:30:52 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010.08.05 14:30:52 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.08.05 14:30:52 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2010.08.05 14:30:52 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010.01.31 12:06:18 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,535,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,108 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.04.14 17:07:42 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2002.06.06 02:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll
 
========== LOP Check ==========
 
[2011.11.11 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\7art
[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Anvil Studio
[2011.11.13 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Avid
[2011.11.13 16:00:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\bvcsky
[2011.06.24 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2011.12.02 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei
[2011.09.14 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GARMIN
[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\IrfanView
[2011.11.02 08:25:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\klickTel
[2011.09.15 11:21:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\kosy
[2011.06.11 10:31:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\LibreOffice
[2011.12.15 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Liteon
[2011.11.18 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MPEG Streamclip
[2011.11.14 06:09:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Neuratron
[2011.09.02 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Roads Of Rome
[2011.12.14 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Rovio
[2011.07.07 14:40:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client
[2011.06.16 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird
[2011.07.07 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP
[2011.07.05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Vodafone
[2011.12.30 20:45:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
[2011.12.31 16:41:55 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
[2011.10.05 06:44:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.11 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\7art
[2011.06.06 05:53:13 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Adobe
[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Anvil Studio
[2011.11.13 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Avid
[2011.11.13 16:00:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\bvcsky
[2011.06.24 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2011.12.02 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei
[2011.09.14 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GARMIN
[2011.06.05 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Google
[2011.06.04 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Identities
[2011.07.19 07:18:38 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\InstallShield
[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\IrfanView
[2011.11.02 08:25:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\klickTel
[2011.09.15 11:21:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\kosy
[2011.06.11 10:31:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\LibreOffice
[2011.12.15 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Liteon
[2011.06.04 13:32:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Macromedia
[2011.12.29 18:18:09 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2011.12.30 14:34:21 | 000,000,000 | --SD | M] -- C:\Users\XXXX\AppData\Roaming\Microsoft
[2011.11.24 05:43:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla
[2011.11.18 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MPEG Streamclip
[2011.11.14 06:09:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Neuratron
[2011.11.18 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Real
[2011.09.02 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Roads Of Rome
[2011.12.14 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Rovio
[2011.07.07 14:40:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client
[2011.06.16 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird
[2011.07.07 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP
[2011.12.30 14:37:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\vlc
[2011.07.05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Vodafone
[2011.06.13 10:39:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.11.11 15:50:39 | 000,714,963 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\7art\Aquarium Clock\unins000.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b12590c8dd605296\iaStor.sys
[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\Temp\IIF2\Winall\Driver\IaStor.sys
[2009.10.13 18:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.10.13 18:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\Temp\IIF2\Winall\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.07.14 12:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.07.14 12:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
[2011.09.25 09:11:49 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
<          >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB8252$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0

< End of report >


biberbruder 31.12.2011 19:40

Here is also the content of Extras.Txt

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 31.12.2011 16:48:59 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\XXXX\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 332,82 Mb Available Physical Memory | 32,85% Memory free
1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 154,33 Gb Free Space | 71,52% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,63 Gb Free Space | 65,88% Space Free | Partition Type: FAT32
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.2
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE88264-3437-4D18-B72C-4F5286383F9C}_is1" = Die Bücherei
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{467D4F46-B75D-4E9F-B710-D933D687B9BD}" = PDF Creator Pilot 4.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5080900B-7E07-4926-ACD2-CB083E3B66E2}" = WD SmartWare
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF22CB1-50BE-4D96-BD63-549928AC03B6}" = Anvil Studio 2011
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{C2D47964-0E8D-4803-9F4A-BF5DC3D5A069}" = BASIC Stamp Editor v2.5.2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D617DF82-6046-44EB-AD4A-D3423319E12C}" = Geosense for Windows
"{DE322C0B-CF1F-483E-935C-996E2D24FF23}" = klickTel Routenplaner Deutschland und Europa 2011
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E63D17F8-D9DA-479D-B9B5-0D101A03703B}_is1" = Uniboard 4
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBE64702-E893-4D55-BA5C-514AAF11CCC4}" = Sibelius 7 OpenType Fonts
"1489-3350-5074-6281" = JDownloader 0.9
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"498B9978CE49397903524B0761200F43EC650044" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)
"4DdeinstKey" = 4Design
"67170FB0228B69BCCBEF8CE14A76953A5505D8EA" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)
"7art Aquarium Clock Screensaver_is1" = 7art Aquarium Clock © 7art-screensavers.com
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Kindle" = Amazon Kindle
"AsUninst.exe" = Anvil Studio
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"EPSON SX525WD Series" = EPSON SX525WD Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"F8DC9DFED0912C7E47EB1446EF7E3C53D3A0942D" = Windows-Treiberpaket - Parallax Inc CDM Driver Package - Bus & VCP Driver (07/12/2010 2.08.02)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"IrfanView" = IrfanView (remove only)
"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 2.0.0.11)
"Lateinische Ausgangsschrift LA_is1" = Pelikan Schulschriften
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Navit" = Navit
"nccad7.5" = nccad7.5
"nccad8.0" = nccad8.0
"Neuratron PhotoScore Lite Demo" = Neuratron PhotoScore Lite Demo
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 15.0" = RealPlayer
"Sibelius 7.0.0.23_is1" = Sibelius 7.0.0.23
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2011 03:45:06 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2011 04:05:42 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.12.2011 04:06:14 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 29.12.2011 06:03:53 | Computer Name = XXXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 1.0.15.15641,
Zeitstempel: 0x4e21f2b1  Name des fehlerhaften Moduls: gmer.exe, Version: 1.0.15.15641,
 Zeitstempel: 0x4e21f2b1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c676  ID des fehlerhaften
 Prozesses: 0xf4c  Startzeit der fehlerhaften Anwendung: 0x01ccc610d190f626  Pfad der
 fehlerhaften Anwendung: C:\Users\XXXX\Desktop\gmer.exe  Pfad des fehlerhaften Moduls:
 C:\Users\XXXX\Desktop\gmer.exe  Berichtskennung: 691711fe-3204-11e1-b829-88ae1d9d1ed7
 
Error - 29.12.2011 11:24:55 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2011 18:45:08 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2011 19:42:04 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.12.2011 19:43:24 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 29.12.2011 21:45:07 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description =
 
Error - 30.12.2011 00:45:06 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 26.09.2011 23:35:12 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 27.09.2011 00:54:47 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 27.09.2011 01:47:24 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 28.09.2011 01:23:54 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 28.09.2011 01:54:24 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 28.09.2011 05:55:35 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 28.09.2011 05:58:53 | Computer Name = XXXX-PC | Source = bowser | ID = 8003
Description =
 
Error - 28.09.2011 06:10:52 | Computer Name = XXXX-PC | Source = bowser | ID = 8003
Description =
 
Error - 28.09.2011 08:11:55 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 29.09.2011 02:00:50 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
 
< End of report >

--- --- ---

cosinus 02.01.2012 11:16

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have masked your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig"
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [Facebook Update] C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\XXXX\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,001 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,048 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell - "" = AutoRun
O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
:Files
C:\Windows\$NtUninstallKB8252$
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

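An added example, not from cosinus's post and not part of OTL: a read-only PowerShell audit of the locations the fix script above targets, so that after the fix and the reboot one can confirm that the start-page values, BHOs, Run entries, MountPoints2 AutoRun commands, alternate data streams and the $NtUninstallKB8252$ folder are actually gone. Assumptions: it is run in an elevated PowerShell on the affected machine; the registry paths and file paths are those in the script above; the allow-list of expected start-page hosts is constructed for this example.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the
# locations the OTL fix above targets. Nothing is modified; run elevated
# on the affected machine after the fix and the reboot.
function Invoke-OtlFixAudit {
    $ErrorActionPreference = 'SilentlyContinue'
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Category, [string]$Location, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Category = $Category; Location = $Location; Detail = $Detail })
    }

    # 1. IE start page / search assistant: the thread's hijack pointed at facemoods.
    #    Any host not on the (constructed) allow-list is reported for review.
    $allowedHosts = @('www.google.de', 'homepage.acer.com')
    $ieValues = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main';   Names = @('Default_Page_URL', 'Start Page') },
        @{ Key = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main';   Names = @('Default_Page_URL', 'Start Page') },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Search'; Names = @('SearchAssistant') }
    )
    foreach ($entry in $ieValues) {
        $props = Get-ItemProperty -LiteralPath $entry.Key
        foreach ($name in $entry.Names) {
            $url = $props.$name
            if (-not $url) { continue }
            $uri = $url -as [uri]
            $verdict = if ($uri -and ($allowedHosts -contains $uri.Host)) { 'expected' } else { 'REVIEW' }
            Add-Finding 'IE setting' "$($entry.Key)\$name" "$verdict - $url"
        }
    }

    # 2. Browser Helper Objects: resolve each CLSID to its DLL; an unresolvable
    #    CLSID is the "No CLSID value found" case OTL reports as orphaned.
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($bho in (Get-ChildItem -LiteralPath $bhoRoot)) {
        $clsid = $bho.PSChildName
        $dll = (Get-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32").'(default)'
        if ($dll) { Add-Finding 'BHO' $clsid $dll } else { Add-Finding 'BHO' $clsid 'orphaned (no CLSID value found)' }
    }

    # 3. Run keys: report each entry and whether its executable still exists
    #    (the thread's MediaGet2 entry pointed at a file that was already gone).
    foreach ($runKey in @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                          'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')) {
        $props = Get-ItemProperty -LiteralPath $runKey
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            $value = "$($p.Value)"
            # Take the executable path from a quoted or unquoted command line, ignoring arguments.
            $exe = if ($value -match '(?i)^"?([^"]+?\.exe)') { $Matches[1] } else { $value }
            $state = if (Test-Path -LiteralPath $exe) { 'file present' } else { 'file not found' }
            Add-Finding 'Run entry' "$runKey\$($p.Name)" "$value [$state]"
        }
    }

    # 4. MountPoints2: the AutoRun verb Explorer recorded from a removable drive's autorun.inf.
    $mpRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($mp in (Get-ChildItem -LiteralPath $mpRoot)) {
        $cmdKey = "$mpRoot\$($mp.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -LiteralPath $cmdKey) {
            Add-Finding 'MountPoints2 AutoRun' $mp.PSChildName ((Get-ItemProperty -LiteralPath $cmdKey).'(default)')
        }
    }

    # 5. Alternate data streams on the folder OTL cleaned (C:\ProgramData\TEMP:<name>).
    $adsTarget = 'C:\ProgramData\TEMP'
    foreach ($s in (Get-Item -LiteralPath $adsTarget -Stream * | Where-Object { $_.Stream -ne ':$DATA' })) {
        Add-Finding 'Alternate data stream' "${adsTarget}:$($s.Stream)" "$($s.Length) bytes"
    }

    # 6. The locked folder the fix could only schedule for removal on reboot.
    $folder = 'C:\Windows\$NtUninstallKB8252$'
    if (Test-Path -LiteralPath $folder) {
        $owner = (Get-Acl -LiteralPath $folder).Owner
        Add-Finding 'Suspicious folder' $folder "still present (owner: $owner)"
    } else {
        Add-Finding 'Suspicious folder' $folder 'gone'
    }

    return $findings
}

Invoke-OtlFixAudit | Format-Table -AutoSize -Wrap
```

Lines marked REVIEW, BHOs shown as orphaned, Run entries whose file is missing, and a folder reported as "still present" are the items to compare against the fix log before deciding whether the fix needs to be repeated.
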
biberbruder 02.01.2012 14:22

Hi cosinus,

thanks for the help, but in the rush I forgot to disable the virus scanner (MSE). Here is the result anyway. Should I run the fix again (with MSE switched off)?

regards

biberbruder

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Google.de" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/ig" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
C:\Programme\Microsoft Office\Office14\URLREDIR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}\ deleted successfully.
C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet2 deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.001 moved successfully.
C:\autoexec.bat moved successfully.
C:\AUTOEXEC.NT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully.
ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\UserData folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\Temp folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\Log folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\SoftGrid Client folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\YIPYZ0KY folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\OZMCBW3A folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\7H7MSCRC folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\3Q55BA5O folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\6MSMKXHG folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\Silverlight folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\SoftGrid Client\140066.DEU-90140011-66-407 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\SoftGrid Client folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows Media\12.0 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows Media folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKUHEUZR folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6BCNWQH folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWDTSR0W folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2ML6UEJ folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9QD7GRI folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7B00WVC folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KBEX0IQM folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U81SSK8 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15CPIK7N folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122920111230 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122820111229 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090420110905 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090320110904 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090220110903 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082920110830 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082220110829 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082120110822 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081920110820 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081220110813 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081120110812 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011080920110810 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\MX1TTIXW folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\FXBCEF5O folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\EMWFX159 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\AX8MGCB5 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update\Manifest\Initial folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update\Manifest folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Custom Buttons folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$ scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: XXXX
->Temp folder emptied: 511140193 bytes
->Temporary Internet Files folder emptied: 63882024 bytes
->Java cache emptied: 169274 bytes
->FireFox cache emptied: 129031009 bytes
->Flash cache emptied: 16913 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 728609514 bytes
RecycleBin emptied: 198255 bytes
 
Total Files Cleaned = 1.367,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_140115

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$ scheduled to be moved on reboot.
File\Folder C:\Users\XXXX\AppData\Local\Temp\OICE_9A42B645-2FD4-4A38-9FBB-D9BD604C9A89.0\DEFE982C. not found!

Registry entries deleted on Reboot...


cosinus 02.01.2012 14:34

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

biberbruder 02.01.2012 14:48

Hi cosinus,

this is the report:

Code:


14:41:39.0777 2404        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:41:40.0103 2404        ============================================================
14:41:40.0103 2404        Current date / time: 2012/01/02 14:41:40.0103
14:41:40.0103 2404        SystemInfo:
14:41:40.0103 2404       
14:41:40.0104 2404        OS Version: 6.1.7601 ServicePack: 1.0
14:41:40.0104 2404        Product type: Workstation
14:41:40.0104 2404        ComputerName: JAAG-PC
14:41:40.0104 2404        UserName: Jaag
14:41:40.0104 2404        Windows directory: C:\Windows
14:41:40.0104 2404        System windows directory: C:\Windows
14:41:40.0105 2404        Processor architecture: Intel x86
14:41:40.0105 2404        Number of processors: 4
14:41:40.0105 2404        Page size: 0x1000
14:41:40.0105 2404        Boot type: Normal boot
14:41:40.0105 2404        ============================================================
14:41:43.0131 2404        Initialize success
14:43:29.0729 5904        ============================================================
14:43:29.0729 5904        Scan started
14:43:29.0729 5904        Mode: Manual; SigCheck; TDLFS;
14:43:29.0729 5904        ============================================================
14:44:19.0784 5904        sptd            (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys
14:44:19.0785 5904        Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
14:44:19.0788 5904        sptd ( LockedFile.Multi.Generic ) - warning
14:44:19.0788 5904        sptd - detected LockedFile.Multi.Generic (1)
14:44:19.0841 5904        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:44:20.0002 5904        srv - ok
14:44:20.0120 5904        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:44:20.0203 5904        srv2 - ok
14:44:20.0236 5904        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:44:20.0340 5904        srvnet - ok
14:44:20.0455 5904        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
14:44:20.0511 5904        stexstor - ok
14:44:20.0558 5904        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:44:20.0619 5904        swenum - ok
14:44:20.0661 5904        Synth3dVsc - ok
14:44:20.0721 5904        SynTP          (5cdd124913e91c7f79b4d5cae1c7c4de) C:\Windows\system32\DRIVERS\SynTP.sys
14:44:20.0792 5904        SynTP - ok
14:44:20.0978 5904        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:44:21.0154 5904        Tcpip - ok
14:44:21.0318 5904        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:21.0469 5904        TCPIP6 - ok
14:44:21.0579 5904        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:21.0696 5904        tcpipreg - ok
14:44:21.0757 5904        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:44:21.0876 5904        TDPIPE - ok
14:44:21.0967 5904        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:44:22.0081 5904        TDTCP - ok
14:44:22.0168 5904        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:44:22.0283 5904        tdx - ok
14:44:22.0320 5904        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:44:22.0403 5904        TermDD - ok
14:44:22.0576 5904        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:22.0687 5904        tssecsrv - ok
14:44:22.0815 5904        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:44:23.0018 5904        TsUsbFlt - ok
14:44:23.0108 5904        tsusbhub - ok
14:44:23.0179 5904        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:23.0306 5904        tunnel - ok
14:44:23.0425 5904        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
14:44:23.0495 5904        uagp35 - ok
14:44:23.0539 5904        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:44:23.0675 5904        udfs - ok
14:44:23.0853 5904        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:44:23.0925 5904        uliagpkx - ok
14:44:24.0027 5904        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:44:24.0123 5904        umbus - ok
14:44:24.0241 5904        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:44:24.0317 5904        UmPass - ok
14:44:24.0398 5904        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:24.0525 5904        usbccgp - ok
14:44:24.0637 5904        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:44:24.0733 5904        usbcir - ok
14:44:24.0784 5904        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
14:44:24.0869 5904        usbehci - ok
14:44:24.0980 5904        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:25.0102 5904        usbhub - ok
14:44:25.0214 5904        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
14:44:25.0298 5904        usbohci - ok
14:44:25.0414 5904        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:25.0566 5904        usbprint - ok
14:44:25.0686 5904        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
14:44:25.0780 5904        usbscan - ok
14:44:25.0828 5904        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:25.0947 5904        USBSTOR - ok
14:44:26.0047 5904        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
14:44:26.0128 5904        usbuhci - ok
14:44:26.0189 5904        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
14:44:26.0289 5904        usbvideo - ok
14:44:26.0426 5904        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:44:26.0489 5904        vdrvroot - ok
14:44:26.0572 5904        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:26.0665 5904        vga - ok
14:44:26.0772 5904        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:44:26.0892 5904        VgaSave - ok
14:44:26.0910 5904        VGPU - ok
14:44:26.0968 5904        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:44:27.0040 5904        vhdmp - ok
14:44:27.0168 5904        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:44:27.0238 5904        viaagp - ok
14:44:27.0278 5904        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
14:44:27.0364 5904        ViaC7 - ok
14:44:27.0414 5904        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:44:27.0499 5904        viaide - ok
14:44:27.0624 5904        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:44:27.0697 5904        volmgr - ok
14:44:27.0739 5904        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:44:27.0823 5904        volmgrx - ok
14:44:27.0878 5904        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:44:27.0965 5904        volsnap - ok
14:44:28.0018 5904        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
14:44:28.0089 5904        vsmraid - ok
14:44:28.0128 5904        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:44:28.0214 5904        vwifibus - ok
14:44:28.0260 5904        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:44:28.0337 5904        vwififlt - ok
14:44:28.0428 5904        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
14:44:28.0515 5904        vwifimp - ok
14:44:28.0576 5904        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
14:44:28.0677 5904        WacomPen - ok
14:44:28.0799 5904        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:28.0937 5904        WANARP - ok
14:44:28.0955 5904        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:29.0069 5904        Wanarpv6 - ok
14:44:29.0295 5904        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
14:44:29.0352 5904        Wd - ok
14:44:29.0404 5904        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:44:29.0497 5904        Wdf01000 - ok
14:44:29.0706 5904        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:29.0833 5904        WfpLwf - ok
14:44:30.0096 5904        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:44:30.0163 5904        WIMMount - ok
14:44:30.0386 5904        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:44:30.0467 5904        WmiAcpi - ok
14:44:30.0730 5904        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:44:30.0864 5904        ws2ifsl - ok
14:44:31.0012 5904        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:44:31.0149 5904        WudfPf - ok
14:44:31.0267 5904        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:31.0377 5904        WUDFRd - ok
14:44:31.0530 5904        ZTEusbmdm6k    (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
14:44:31.0675 5904        ZTEusbmdm6k - ok
14:44:31.0774 5904        ZTEusbnet      (9862f9d2ff50ae748ed42c022e6aac15) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
14:44:31.0907 5904        ZTEusbnet - ok
14:44:32.0019 5904        ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
14:44:32.0192 5904        ZTEusbnmea - ok
14:44:32.0302 5904        ZTEusbser6k    (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
14:44:32.0389 5904        ZTEusbser6k - ok
14:44:32.0430 5904        ZTEusbvoice    (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
14:44:32.0521 5904        ZTEusbvoice - ok
14:44:32.0598 5904        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:44:32.0826 5904        \Device\Harddisk0\DR0 - ok
14:44:32.0843 5904        Boot (0x1200)  (a06662882eb9310df21722fe53a799e9) \Device\Harddisk0\DR0\Partition0
14:44:32.0845 5904        \Device\Harddisk0\DR0\Partition0 - ok
14:44:32.0861 5904        Boot (0x1200)  (00fbd6a8de93ed48f849a37cbe59a8f8) \Device\Harddisk0\DR0\Partition1
14:44:32.0863 5904        \Device\Harddisk0\DR0\Partition1 - ok
14:44:32.0882 5904        Boot (0x1200)  (886be5f3db714a0808fbd86a07cf5a56) \Device\Harddisk0\DR0\Partition2
14:44:32.0885 5904        \Device\Harddisk0\DR0\Partition2 - ok
14:44:32.0886 5904        ============================================================
14:44:32.0886 5904        Scan finished
14:44:32.0886 5904        ============================================================
14:44:32.0923 4236        Detected object count: 1
14:44:32.0923 4236        Actual detected object count: 1
14:44:48.0028 4236        sptd ( LockedFile.Multi.Generic ) - skipped by user
14:44:48.0028 4236        sptd ( LockedFile.Multi.Generic ) - User select action: Skip

That doesn't look so bad, does it?

cosinus 02.01.2012 15:07

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (forum helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

biberbruder 02.01.2012 16:11

Hi cosinus,

here is the report from CF:

ComboFix log file:
Code:

ComboFix 12-01-02.01 - XXXX 02.01.2012  15:26:17.1.4 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.1013.388 [GMT 1:00]
ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\XXXX\Documents\~WRL0003.tmp
c:\windows\$NtUninstallKB8252$
c:\windows\$NtUninstallKB8252$\3152536925
c:\windows\$NtUninstallKB8252$\3954193523\@
c:\windows\$NtUninstallKB8252$\3954193523\L\xadqgnnk
c:\windows\$NtUninstallKB8252$\3954193523\loader.tlb
c:\windows\$NtUninstallKB8252$\3954193523\U\@00000001
c:\windows\$NtUninstallKB8252$\3954193523\U\@000000c0
c:\windows\$NtUninstallKB8252$\3954193523\U\@000000cb
c:\windows\$NtUninstallKB8252$\3954193523\U\@000000cf
c:\windows\$NtUninstallKB8252$\3954193523\U\@80000000
c:\windows\$NtUninstallKB8252$\3954193523\U\@800000c0
c:\windows\$NtUninstallKB8252$\3954193523\U\@800000cb
c:\windows\$NtUninstallKB8252$\3954193523\U\@800000cf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))
.
.
2012-01-02 14:44 . 2012-01-02 14:47        --------        d-----w-        c:\users\XXXX\AppData\Local\temp
2012-01-02 14:44 . 2012-01-02 14:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-02 14:35 . 2012-01-02 14:46        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B23F984-7874-413C-B169-8E70F000B7DE}\offreg.dll
2012-01-02 14:35 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B23F984-7874-413C-B169-8E70F000B7DE}\mpengine.dll
2012-01-02 14:22 . 2011-04-25 02:18        338944        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-01-02 13:01 . 2012-01-02 13:01        --------        d-----w-        C:\_OTL
2011-12-31 06:18 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-30 19:54 . 2011-12-30 19:54        --------        d-----w-        c:\users\XXXX\AppData\Local\Amazon
2011-12-30 19:54 . 2011-12-30 19:54        --------        d-----w-        c:\program files\Amazon
2011-12-30 14:08 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys
2011-12-30 14:08 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-30 14:07 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-30 14:07 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-30 14:06 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-30 14:06 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-30 04:56 . 2011-12-30 04:56        --------        d-----w-        c:\program files\ESET
2011-12-29 17:18 . 2011-12-29 17:18        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Malwarebytes
2011-12-29 17:17 . 2011-12-29 17:17        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-29 17:17 . 2011-12-31 06:18        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-26 18:04 . 2011-12-30 13:37        --------        d-----w-        C:\Closeall
2011-12-14 11:22 . 2011-12-14 11:22        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Rovio
2011-12-14 11:20 . 2011-12-30 13:37        --------        d-----w-        c:\program files\AngryBirds
2011-12-14 09:18 . 2011-12-30 13:37        --------        d-----w-        c:\program files\Finale 2009 Demo
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 08:46 . 2011-11-27 08:46        1409        ----a-w-        c:\windows\QTFont.for
2011-11-21 10:47 . 2011-08-01 19:21        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 13:32 . 2011-11-18 13:32        499712        ----a-w-        c:\windows\system32\msvcp71.dll
2011-11-18 13:32 . 2011-11-18 13:32        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2011-11-11 18:36 . 2011-06-05 14:32        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 07:30 . 2011-10-11 07:31        703824        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91F289DD-5888-4D1D-A290-EC24EF7F5FB1}\gapaengine.dll
2010-03-31 09:09 . 2010-03-31 09:09        10437264        ----a-w-        c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 11:36 . 2010-04-08 11:36        107760        ----a-w-        c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-11-10 05:35 . 2011-06-05 14:21        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-18 296056]
"Uniboard virtual printer agent"="c:\program files\Uniboard 4\ubrdagent.exe" [2009-08-27 94208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2010-06-11 12:28        715296        ----a-w-        c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager]
2010-01-08 09:47        508280        ----a-w-        c:\program files\Acer\Android Manager\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Netzwerk)]
2011-07-19 06:02        201216        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-20 17:47        136176        ----atw-        c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPatchData]
2010-11-30 02:13        489848        ----a-w-        c:\program files\Acer\Updater\iUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncData]
2010-01-08 09:53        407416        ----a-w-        c:\program files\Acer\Android Manager\iSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-06-22 06:34        968272        ----a-w-        c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-04-20 16:20        2327552        ----a-w-        c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x]
R1 MpKsl0415a17a;MpKsl0415a17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CAFB7B-B1A4-4BC6-965D-53A2EBFF0EC6}\MpKsl0415a17a.sys [x]
R1 MpKsl0ce4fbda;MpKsl0ce4fbda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{226C1614-04E9-4FA7-8A85-43351DF1452E}\MpKsl0ce4fbda.sys [x]
R1 MpKsl0fec7b90;MpKsl0fec7b90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5363F6DE-C0E9-42E1-9D19-A6A03AF97927}\MpKsl0fec7b90.sys [x]
R1 MpKsl196bd21b;MpKsl196bd21b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583F41C-7C3C-428A-9F94-0241211680EA}\MpKsl196bd21b.sys [x]
R1 MpKsl2607df49;MpKsl2607df49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC8F7EFF-663D-47CA-8E8D-A2F08CB20CA1}\MpKsl2607df49.sys [x]
R1 MpKsl264939d0;MpKsl264939d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl264939d0.sys [x]
R1 MpKsl29daf26c;MpKsl29daf26c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl29daf26c.sys [x]
R1 MpKsl2ff64951;MpKsl2ff64951;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl2ff64951.sys [x]
R1 MpKsl3157fefe;MpKsl3157fefe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl3157fefe.sys [x]
R1 MpKsl32784dd6;MpKsl32784dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl32784dd6.sys [x]
R1 MpKsl39de850c;MpKsl39de850c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl39de850c.sys [x]
R1 MpKsl3b15d3df;MpKsl3b15d3df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CD785C-CEC5-4269-A8C0-02BE77C7276A}\MpKsl3b15d3df.sys [x]
R1 MpKsl3b20d1df;MpKsl3b20d1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9247875B-6B15-4054-94B1-36A342ACCA51}\MpKsl3b20d1df.sys [x]
R1 MpKsl42ad931c;MpKsl42ad931c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4314C7D-B49C-4236-8AF5-4AF0A1CB514C}\MpKsl42ad931c.sys [x]
R1 MpKsl4b58eb93;MpKsl4b58eb93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl4b58eb93.sys [x]
R1 MpKsl530ba384;MpKsl530ba384;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B655E456-CA33-44A9-876F-2566EF045783}\MpKsl530ba384.sys [x]
R1 MpKsl56cbc87c;MpKsl56cbc87c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BAF7D75-2455-4C12-B3DB-2627F7E0C222}\MpKsl56cbc87c.sys [x]
R1 MpKsl591c3512;MpKsl591c3512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2309F098-9DF0-4428-A04B-4E4C3A860FA9}\MpKsl591c3512.sys [x]
R1 MpKsl5dd51386;MpKsl5dd51386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl5dd51386.sys [x]
R1 MpKsl60a39861;MpKsl60a39861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A559CAC5-CCC0-44CA-BD53-7D16E39A2950}\MpKsl60a39861.sys [x]
R1 MpKsl66ddca17;MpKsl66ddca17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDFA5914-EF9B-4DCD-AF44-8A45F460628E}\MpKsl66ddca17.sys [x]
R1 MpKsl73a19290;MpKsl73a19290;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31463DE6-8107-4DCB-A1B2-7E1C67449C78}\MpKsl73a19290.sys [x]
R1 MpKsl8250f1ca;MpKsl8250f1ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE7DB756-E1A3-4734-971D-0224EF1824FB}\MpKsl8250f1ca.sys [x]
R1 MpKsl87dd9996;MpKsl87dd9996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl87dd9996.sys [x]
R1 MpKsl8c8877d0;MpKsl8c8877d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10975C14-CC0D-4EC9-BB16-8B882079BDBB}\MpKsl8c8877d0.sys [x]
R1 MpKsl9adc85e3;MpKsl9adc85e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CB37EA3-803A-4B4F-B500-D2E904DEB5FF}\MpKsl9adc85e3.sys [x]
R1 MpKslabc6275f;MpKslabc6275f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E30EB4AE-B0CC-4648-9C99-937033DE171F}\MpKslabc6275f.sys [x]
R1 MpKslacd9d4c8;MpKslacd9d4c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKslacd9d4c8.sys [x]
R1 MpKslad072f99;MpKslad072f99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71A4E9C-600F-4777-A00A-86BDF0B458C1}\MpKslad072f99.sys [x]
R1 MpKslafa01a84;MpKslafa01a84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5074FC6-C8A1-4C9E-84FC-A1F015AF4F85}\MpKslafa01a84.sys [x]
R1 MpKslbed8239e;MpKslbed8239e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4968A468-FEC9-432D-8334-ED6D41CAB976}\MpKslbed8239e.sys [x]
R1 MpKslcf848c6c;MpKslcf848c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4984F29D-9D0F-41B0-84A8-9C1A7995DC08}\MpKslcf848c6c.sys [x]
R1 MpKsld0bc60c8;MpKsld0bc60c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsld0bc60c8.sys [x]
R1 MpKsld47cdf20;MpKsld47cdf20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFBD7F7-F09B-45DA-9E1D-1CBD3B15AB2B}\MpKsld47cdf20.sys [x]
R1 MpKsld6316ddf;MpKsld6316ddf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2C2A1ED-AD6E-4C44-8B4C-A63EBFF9C180}\MpKsld6316ddf.sys [x]
R1 MpKsld7678723;MpKsld7678723;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F4C0B7-3720-46E0-BEC8-D25CE2AD277B}\MpKsld7678723.sys [x]
R1 MpKslf78ff9e9;MpKslf78ff9e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{257C8F7F-1361-4019-9037-D54251CEAC24}\MpKslf78ff9e9.sys [x]
R1 MpKslf96a787e;MpKslf96a787e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C3E59AE-123D-4005-A46C-B327BFC4A587}\MpKslf96a787e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-10-05 237056]
R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-10-05 1060352]
R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-10-05 484352]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
- c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
- c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\LocationNotifications.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-02  15:53:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-02 14:53
.
Vor Suchlauf: 13 Verzeichnis(se), 166.733.926.400 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 166.488.657.920 Bytes frei
.
- - End Of File - - ABD854930188BB9EC9AE5AD07FFB25E4

--- --- ---

cosinus 02.01.2012 16:25

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

File::
c:\windows\system32\drivers\rdvgkmd.sys

Driver::
VGPU

3. Save it in Notepad as CFScript.txt on the Desktop.

4. Disable your antivirus program's guard and any software firewall you may have.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

biberbruder 02.01.2012 18:18

Hello,

here is the logfile:
Combofix logfile:
Code:

ComboFix 12-01-02.01 - XXX 02.01.2012  16:41:41.2.4 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.1013.248 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\XXX\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\rdvgkmd.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VGPU
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))
.
.
2012-01-02 15:59 . 2012-01-02 15:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-02 15:30 . 2012-01-02 15:30        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\MpKsl9bb1ceb2.sys
2012-01-02 15:30 . 2012-01-02 16:01        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\offreg.dll
2012-01-02 15:30 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\mpengine.dll
2012-01-02 14:44 . 2012-01-02 16:01        --------        d-----w-        c:\users\XXX\AppData\Local\temp
2012-01-02 14:22 . 2011-04-25 02:18        338944        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-01-02 13:01 . 2012-01-02 13:01        --------        d-----w-        C:\_OTL
2011-12-31 06:18 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-30 19:54 . 2011-12-30 19:54        --------        d-----w-        c:\users\XXX\AppData\Local\Amazon
2011-12-30 19:54 . 2011-12-30 19:54        --------        d-----w-        c:\program files\Amazon
2011-12-30 14:08 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys
2011-12-30 14:08 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-30 14:07 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-30 14:07 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-30 14:06 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-30 14:06 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-30 04:56 . 2011-12-30 04:56        --------        d-----w-        c:\program files\ESET
2011-12-29 17:18 . 2011-12-29 17:18        --------        d-----w-        c:\users\XXX\AppData\Roaming\Malwarebytes
2011-12-29 17:17 . 2011-12-29 17:17        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-29 17:17 . 2011-12-31 06:18        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-26 18:04 . 2011-12-30 13:37        --------        d-----w-        C:\Closeall
2011-12-14 11:22 . 2011-12-14 11:22        --------        d-----w-        c:\users\XXX\AppData\Roaming\Rovio
2011-12-14 11:20 . 2011-12-30 13:37        --------        d-----w-        c:\program files\AngryBirds
2011-12-14 09:18 . 2011-12-30 13:37        --------        d-----w-        c:\program files\Finale 2009 Demo
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 08:46 . 2011-11-27 08:46        1409        ----a-w-        c:\windows\QTFont.for
2011-11-21 10:47 . 2011-08-01 19:21        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 13:32 . 2011-11-18 13:32        499712        ----a-w-        c:\windows\system32\msvcp71.dll
2011-11-18 13:32 . 2011-11-18 13:32        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2011-11-11 18:36 . 2011-06-05 14:32        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 07:30 . 2011-10-11 07:31        703824        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91F289DD-5888-4D1D-A290-EC24EF7F5FB1}\gapaengine.dll
2010-03-31 09:09 . 2010-03-31 09:09        10437264        ----a-w-        c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 11:36 . 2010-04-08 11:36        107760        ----a-w-        c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-11-10 05:35 . 2011-06-05 14:21        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-18 296056]
"Uniboard virtual printer agent"="c:\program files\Uniboard 4\ubrdagent.exe" [2009-08-27 94208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2010-06-11 12:28        715296        ----a-w-        c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager]
2010-01-08 09:47        508280        ----a-w-        c:\program files\Acer\Android Manager\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Netzwerk)]
2011-07-19 06:02        201216        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-20 17:47        136176        ----atw-        c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPatchData]
2010-11-30 02:13        489848        ----a-w-        c:\program files\Acer\Updater\iUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncData]
2010-01-08 09:53        407416        ----a-w-        c:\program files\Acer\Android Manager\iSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-06-22 06:34        968272        ----a-w-        c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-04-20 16:20        2327552        ----a-w-        c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x]
R1 MpKsl0415a17a;MpKsl0415a17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CAFB7B-B1A4-4BC6-965D-53A2EBFF0EC6}\MpKsl0415a17a.sys [x]
R1 MpKsl0ce4fbda;MpKsl0ce4fbda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{226C1614-04E9-4FA7-8A85-43351DF1452E}\MpKsl0ce4fbda.sys [x]
R1 MpKsl0fec7b90;MpKsl0fec7b90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5363F6DE-C0E9-42E1-9D19-A6A03AF97927}\MpKsl0fec7b90.sys [x]
R1 MpKsl196bd21b;MpKsl196bd21b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583F41C-7C3C-428A-9F94-0241211680EA}\MpKsl196bd21b.sys [x]
R1 MpKsl2607df49;MpKsl2607df49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC8F7EFF-663D-47CA-8E8D-A2F08CB20CA1}\MpKsl2607df49.sys [x]
R1 MpKsl264939d0;MpKsl264939d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl264939d0.sys [x]
R1 MpKsl29daf26c;MpKsl29daf26c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl29daf26c.sys [x]
R1 MpKsl2ff64951;MpKsl2ff64951;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl2ff64951.sys [x]
R1 MpKsl3157fefe;MpKsl3157fefe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl3157fefe.sys [x]
R1 MpKsl32784dd6;MpKsl32784dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl32784dd6.sys [x]
R1 MpKsl39de850c;MpKsl39de850c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl39de850c.sys [x]
R1 MpKsl3b15d3df;MpKsl3b15d3df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CD785C-CEC5-4269-A8C0-02BE77C7276A}\MpKsl3b15d3df.sys [x]
R1 MpKsl3b20d1df;MpKsl3b20d1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9247875B-6B15-4054-94B1-36A342ACCA51}\MpKsl3b20d1df.sys [x]
R1 MpKsl42ad931c;MpKsl42ad931c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4314C7D-B49C-4236-8AF5-4AF0A1CB514C}\MpKsl42ad931c.sys [x]
R1 MpKsl4b58eb93;MpKsl4b58eb93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl4b58eb93.sys [x]
R1 MpKsl530ba384;MpKsl530ba384;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B655E456-CA33-44A9-876F-2566EF045783}\MpKsl530ba384.sys [x]
R1 MpKsl56cbc87c;MpKsl56cbc87c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BAF7D75-2455-4C12-B3DB-2627F7E0C222}\MpKsl56cbc87c.sys [x]
R1 MpKsl591c3512;MpKsl591c3512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2309F098-9DF0-4428-A04B-4E4C3A860FA9}\MpKsl591c3512.sys [x]
R1 MpKsl5dd51386;MpKsl5dd51386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl5dd51386.sys [x]
R1 MpKsl60a39861;MpKsl60a39861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A559CAC5-CCC0-44CA-BD53-7D16E39A2950}\MpKsl60a39861.sys [x]
R1 MpKsl66ddca17;MpKsl66ddca17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDFA5914-EF9B-4DCD-AF44-8A45F460628E}\MpKsl66ddca17.sys [x]
R1 MpKsl73a19290;MpKsl73a19290;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31463DE6-8107-4DCB-A1B2-7E1C67449C78}\MpKsl73a19290.sys [x]
R1 MpKsl8250f1ca;MpKsl8250f1ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE7DB756-E1A3-4734-971D-0224EF1824FB}\MpKsl8250f1ca.sys [x]
R1 MpKsl87dd9996;MpKsl87dd9996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl87dd9996.sys [x]
R1 MpKsl8c8877d0;MpKsl8c8877d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10975C14-CC0D-4EC9-BB16-8B882079BDBB}\MpKsl8c8877d0.sys [x]
R1 MpKsl9adc85e3;MpKsl9adc85e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CB37EA3-803A-4B4F-B500-D2E904DEB5FF}\MpKsl9adc85e3.sys [x]
R1 MpKslabc6275f;MpKslabc6275f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E30EB4AE-B0CC-4648-9C99-937033DE171F}\MpKslabc6275f.sys [x]
R1 MpKslacd9d4c8;MpKslacd9d4c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKslacd9d4c8.sys [x]
R1 MpKslad072f99;MpKslad072f99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71A4E9C-600F-4777-A00A-86BDF0B458C1}\MpKslad072f99.sys [x]
R1 MpKslafa01a84;MpKslafa01a84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5074FC6-C8A1-4C9E-84FC-A1F015AF4F85}\MpKslafa01a84.sys [x]
R1 MpKslbed8239e;MpKslbed8239e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4968A468-FEC9-432D-8334-ED6D41CAB976}\MpKslbed8239e.sys [x]
R1 MpKslcf848c6c;MpKslcf848c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4984F29D-9D0F-41B0-84A8-9C1A7995DC08}\MpKslcf848c6c.sys [x]
R1 MpKsld0bc60c8;MpKsld0bc60c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsld0bc60c8.sys [x]
R1 MpKsld47cdf20;MpKsld47cdf20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFBD7F7-F09B-45DA-9E1D-1CBD3B15AB2B}\MpKsld47cdf20.sys [x]
R1 MpKsld6316ddf;MpKsld6316ddf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2C2A1ED-AD6E-4C44-8B4C-A63EBFF9C180}\MpKsld6316ddf.sys [x]
R1 MpKsld7678723;MpKsld7678723;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F4C0B7-3720-46E0-BEC8-D25CE2AD277B}\MpKsld7678723.sys [x]
R1 MpKslf78ff9e9;MpKslf78ff9e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{257C8F7F-1361-4019-9037-D54251CEAC24}\MpKslf78ff9e9.sys [x]
R1 MpKslf96a787e;MpKslf96a787e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C3E59AE-123D-4005-A46C-B327BFC4A587}\MpKslf96a787e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-10-05 237056]
R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-10-05 1060352]
R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-10-05 484352]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 MpKsl9bb1ceb2;MpKsl9bb1ceb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\MpKsl9bb1ceb2.sys [2012-01-02 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
- c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
- c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\LocationNotifications.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-02  17:07:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-02 16:07
ComboFix2.txt  2012-01-02 14:53
.
Vor Suchlauf: 18 Verzeichnis(se), 166.298.136.576 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 166.261.014.528 Bytes frei
.
- - End Of File - - E7AA46074EE18DE81C3215D70E28B926

--- --- ---

Unfortunately I was not able to disable the Windows Firewall... hope the action still has a chance of success.
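For a responder reading a ComboFix log like the ones posted in this thread, two things are worth pulling out mechanically: service/driver lines that end in [x] (ComboFix printed no date/size because it could not find or verify the image file on disk) and the UAC policy values under policies\system, where this log shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0. The following Python script is an added example written for this page, not part of the thread or of ComboFix; it parses constructed sample lines modelled on the log above. Treating the MpKsl*.sys entries as expected Microsoft Security Essentials definition-update noise is an assumption based on the pattern seen here, and a flagged entry (such as sptd, the DAEMON Tools driver) is a review item, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the ComboFix "Treiber/Dienste" and
# "Autostartpunkte" lines quoted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) '        # R = running, S = stopped; digit = start type
    r'(?P<name>[^;]+);(?P<display>[^;]*);'   # service name and display name
    r'(?P<image>.+?) \[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$'
)
UAC_RE = re.compile(r'^"(?P<key>\w+)"=\s*(?P<val>\d+) \(0x[0-9a-fA-F]+\)$')

# Windows service start types as ComboFix encodes them in the leading digit.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    image: str
    running: bool
    start_type: str
    image_missing: bool   # True when ComboFix printed [x] instead of a date/size


def parse_service_lines(text: str) -> List[ServiceEntry]:
    """Parse the R*/S* service and driver lines of a ComboFix log."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        out.append(ServiceEntry(
            name=m["name"], display=m["display"], image=m["image"],
            running=(m["state"] == "R"),
            start_type=START_TYPES.get(m["start"], m["start"]),
            image_missing=(m["stamp"] == "x"),
        ))
    return out


def parse_uac_policy(text: str) -> Dict[str, int]:
    """Collect "Key"= value (0x..) lines from the policies\\system block."""
    vals = {}
    for line in text.splitlines():
        m = UAC_RE.match(line.strip())
        if m:
            vals[m["key"]] = int(m["val"])
    return vals


# Default (hardened) values; anything else is worth a note in the report.
UAC_EXPECTED = {"EnableLUA": 1, "PromptOnSecureDesktop": 1}


def triage(text: str) -> Dict[str, List[str]]:
    """Return services whose image file is missing and UAC keys weaker than
    default. MpKsl*.sys entries are listed separately because they are
    transient MSE definition-update drivers (assumption, see lead-in)."""
    services = parse_service_lines(text)
    missing = [s.name for s in services if s.image_missing and not s.name.startswith("MpKsl")]
    mpksl = [s.name for s in services if s.image_missing and s.name.startswith("MpKsl")]
    uac = parse_uac_policy(text)
    weak = [k for k, want in UAC_EXPECTED.items() if k in uac and uac[k] != want]
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        weak.append("ConsentPromptBehaviorAdmin")   # 0 = elevate without any prompt
    return {"missing_image": missing, "mpksl_noise": mpksl, "weak_uac": weak}


if __name__ == "__main__":
    for key, names in triage(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Run against the full log, the script gives a short list of entries to check by hand (image path, signer, install date) instead of scrolling through forty MpKsl lines, and it makes the disabled-UAC state visible as a finding to fix once the cleanup is done.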

cosinus 02.01.2012 21:01

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run on the second try either, just skip it and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your Desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it on the Desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


