Trojaner-Board - Trojaner:"Aus Sicherheitsgründen wurde ihr Betriebssystem blockiert...."

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojaner:"Aus Sicherheitsgründen wurde ihr Betriebssystem blockiert...." (https://www.trojaner-board.de/107579-trojaner-sicherheitsgruenden-wurde-betriebssystem-blockiert.html)

ok..hab jetzt alles was ich gefunden hab und McAfee angeht gelöscht und nochmal gescannt:

OTL Logfile:

Code:

OTL logfile created on: 1/8/2012 10:04:46 PM - Run 6

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Oly\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014.37 Mb Total Physical Memory | 687.83 Mb Available Physical Memory | 67.81% Memory free

1.99 Gb Paging File | 1.65 Gb Available in Paging File | 82.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 65.63 Gb Total Space | 30.18 Gb Free Space | 45.98% Space Free | Partition Type: NTFS

Drive D: | 68.32 Gb Total Space | 68.23 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

 

Computer Name: OLY-PC | User Name: Oly | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/05 01:35:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oly\Desktop\OTL.exe

PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] --  -- (McSysmon)

SRV - File not found [Unknown | Stopped] --  -- (McShield)

SRV - [2009/08/11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2009/07/21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009/05/13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2009/11/25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/05/11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn"

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 22:40:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 22:39:58 | 000,000,000 | ---D | M]

 

[2009/12/23 20:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oly\AppData\Roaming\mozilla\Extensions

[2012/01/07 13:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oly\AppData\Roaming\mozilla\Firefox\Profiles\0crdlkzg.default\extensions

[2011/08/07 18:23:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Oly\AppData\Roaming\mozilla\Firefox\Profiles\0crdlkzg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/01/07 13:22:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2010/02/20 15:10:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011/08/20 19:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/08/20 19:14:31 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011/08/20 19:14:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011/08/20 19:14:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/08/20 19:14:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

 

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Oly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.70.240.53 129.70.182.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01677D5D-AADB-4B17-835F-C79B4052D3D7}: DhcpNameServer = 129.70.240.53 129.70.182.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F4C11B8-919E-4D67-A037-585ABB74D52D}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell - "" = AutoRun

O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: mcagent_exe - hkey= - key= -  File not found

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - Service

SafeBootMin: MCODS - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - Service

SafeBootNet: MCODS - Service

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/07 00:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/01/07 00:30:59 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Oly\Desktop\esetsmartinstaller_enu.exe

[2012/01/06 23:36:13 | 000,000,000 | ---D | C] -- C:\Users\Oly\AppData\Roaming\Malwarebytes

[2012/01/06 23:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/06 23:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/06 23:35:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012/01/06 23:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/06 12:54:00 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/01/05 01:35:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Oly\Desktop\OTL.exe

[2011/12/31 17:35:20 | 000,000,000 | ---D | C] -- C:\Users\Oly\Desktop\accutane

[2011/12/29 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\Oly\Desktop\Spieltheorie

[1 C:\Users\Oly\AppData\Local\*.tmp files -> C:\Users\Oly\AppData\Local\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/08 21:56:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/01/08 21:56:07 | 797,728,768 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/08 21:53:06 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/07 16:09:24 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/07 16:09:24 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/07 16:09:23 | 000,008,212 | ---- | M] () -- C:\windows\mfebcdata

[2012/01/07 00:31:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Oly\Desktop\esetsmartinstaller_enu.exe

[2012/01/06 23:35:41 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/06 15:57:18 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/05 01:35:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oly\Desktop\OTL.exe

[2011/12/19 12:40:52 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2011/12/19 12:40:52 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2011/12/19 12:40:52 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2011/12/19 12:40:52 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2011/12/15 21:52:01 | 000,408,672 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[1 C:\Users\Oly\AppData\Local\*.tmp files -> C:\Users\Oly\AppData\Local\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/01/07 16:09:23 | 000,008,212 | ---- | C] () -- C:\windows\mfebcdata

[2012/01/06 23:35:41 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/05/20 20:56:43 | 000,000,000 | ---- | C] () -- C:\Users\Oly\AppData\Local\{3DEB4785-F293-459E-8F23-1AD7997834B6}

[2010/02/20 15:20:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/12/19 12:13:14 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini

[2009/12/19 11:34:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009/08/28 01:09:59 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2009/08/28 01:09:58 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2009/08/28 01:09:58 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2009/08/28 01:09:58 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2009/08/27 08:40:34 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe

[2009/08/27 08:39:21 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 05:33:53 | 000,408,672 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#

[2011/08/07 18:23:50 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\DVDVideoSoft

[2011/08/07 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\DVDVideoSoftIEHelpers

[2009/12/22 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Windows Live Writer

[2011/10/05 10:20:37 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#

[2010/02/17 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Adobe

[2011/09/16 21:44:42 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Apple Computer

[2011/08/07 18:23:50 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\DVDVideoSoft

[2011/08/07 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\DVDVideoSoftIEHelpers

[2009/12/19 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Google

[2009/12/19 12:17:38 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Identities

[2009/12/20 21:01:55 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Macromedia

[2012/01/06 23:36:13 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Malwarebytes

[2012/01/06 12:54:02 | 000,000,000 | --SD | M] -- C:\Users\Oly\AppData\Roaming\Microsoft

[2009/12/23 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Mozilla

[2011/11/04 10:44:33 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Skype

[2011/11/04 10:44:20 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\skypePM

[2009/12/22 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\Windows Live Writer

[2011/05/28 20:04:30 | 000,000,000 | ---D | M] -- C:\Users\Oly\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys

[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys

[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys

[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys

[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

SRV - File not found [Disabled | Stopped] --  -- (McSysmon)

SRV - File not found [Unknown | Stopped] --  -- (McShield)

SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell - "" = AutoRun

O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *)

[2009/12/19 11:34:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

habs mehrfach versucht....aber OTL bleibt immer bei O34 - HKLM BootExecute: (autocheck autochk *) stecken: Keine Rückmeldung

Probier es im abgesicherten Modus

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

habe ich bereits probiert...:(

Hm, der O34-Eintrag sollte sowieso raus, muss wohl versehentlich mit reingekommen sein :dummguck: Nimm mal zum Fixen das Script hier:

Code:

:OTL

SRV - File not found [Disabled | Stopped] --  -- (McSysmon)

SRV - File not found [Unknown | Stopped] --  -- (McShield)

SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell - "" = AutoRun

O33 - MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence

[2009/12/19 11:34:42 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009/12/19 12:57:07 | 000,000,000 | -HSD | M] -- C:\Users\Oly\AppData\Roaming\.#

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

:Commands

[emptytemp]

ja danke das hat geklappt....allerdings hat er vorm neustart noch die automatischen updates gemacht...könnte es sein, dass er killing process dadurch beeinträchtigt wurde?!

hier der log

Code:

 All processes killed

========== OTL ==========

Error: No service named McSysmon was found to stop!

Service\Driver key McSysmon not found.

Error: No service named McShield was found to stop!

Service\Driver key McShield not found.

Error: No service named Rezip was found to stop!

Service\Driver key Rezip not found.

File C:\Windows\System32\Rezip.exe not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File C:\autoexec.bat not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{194b2fe4-f3ee-11df-826a-0c6076d4fbc2}\ not found.

File E:\setup_vmc_lite.exe /checkApplicationPresence not found.

C:\ProgramData\FullRemove.exe moved successfully.

C:\Users\Oly\AppData\Roaming\.# folder moved successfully.

ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Oly

->Temp folder emptied: 1092 bytes

->Temporary Internet Files folder emptied: 78800 bytes

->FireFox cache emptied: 58133779 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1170 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7126232 bytes

RecycleBin emptied: 10854325 bytes

 

Total Files Cleaned = 73.00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 01132012_162118
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

danke

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

ok ausgeführt

Code:

 17:05:36.0173 2744        TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05

17:05:36.0235 2744        ============================================================

17:05:36.0235 2744        Current date / time: 2012/01/13 17:05:36.0235

17:05:36.0235 2744        SystemInfo:

17:05:36.0235 2744        

17:05:36.0235 2744        OS Version: 6.1.7600 ServicePack: 0.0

17:05:36.0235 2744        Product type: Workstation

17:05:36.0235 2744        ComputerName: OLY-PC

17:05:36.0235 2744        UserName: Oly

17:05:36.0235 2744        Windows directory: C:\windows

17:05:36.0235 2744        System windows directory: C:\windows

17:05:36.0235 2744        Processor architecture: Intel x86

17:05:36.0235 2744        Number of processors: 2

17:05:36.0235 2744        Page size: 0x1000

17:05:36.0235 2744        Boot type: Normal boot

17:05:36.0235 2744        ============================================================

17:05:37.0951 2744        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050

17:05:38.0029 2744        Initialize success

17:06:53.0654 2528        ============================================================

17:06:53.0654 2528        Scan started

17:06:53.0654 2528        Mode: Manual; SigCheck; TDLFS; 

17:06:53.0654 2528        ============================================================

17:06:55.0354 2528        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys

17:06:55.0588 2528        1394ohci - ok

17:06:55.0620 2528        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys

17:06:55.0666 2528        ACPI - ok

17:06:55.0776 2528        AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys

17:06:55.0854 2528        AcpiPmi - ok

17:06:55.0978 2528        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

17:06:56.0056 2528        adp94xx - ok

17:06:56.0119 2528        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

17:06:56.0166 2528        adpahci - ok

17:06:56.0244 2528        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

17:06:56.0290 2528        adpu320 - ok

17:06:56.0384 2528        AFD             (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys

17:06:56.0431 2528        AFD - ok

17:06:56.0478 2528        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys

17:06:56.0509 2528        agp440 - ok

17:06:56.0571 2528        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

17:06:56.0602 2528        aic78xx - ok

17:06:56.0649 2528        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys

17:06:56.0680 2528        aliide - ok

17:06:56.0727 2528        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys

17:06:56.0758 2528        amdagp - ok

17:06:56.0836 2528        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys

17:06:56.0868 2528        amdide - ok

17:06:56.0899 2528        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

17:06:56.0946 2528        AmdK8 - ok

17:06:56.0961 2528        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

17:06:57.0008 2528        AmdPPM - ok

17:06:57.0086 2528        amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys

17:06:57.0133 2528        amdsata - ok

17:06:57.0211 2528        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

17:06:57.0258 2528        amdsbs - ok

17:06:57.0273 2528        amdxata         (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys

17:06:57.0304 2528        amdxata - ok

17:06:57.0367 2528        AppID           (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys

17:06:57.0429 2528        AppID - ok

17:06:57.0554 2528        arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

17:06:57.0585 2528        arc - ok

17:06:57.0632 2528        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

17:06:57.0663 2528        arcsas - ok

17:06:57.0694 2528        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

17:06:57.0772 2528        AsyncMac - ok

17:06:57.0804 2528        atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys

17:06:57.0835 2528        atapi - ok

17:06:57.0913 2528        athr            (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys

17:06:58.0022 2528        athr - ok

17:06:58.0116 2528        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

17:06:58.0162 2528        avgio - ok

17:06:58.0240 2528        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\windows\system32\DRIVERS\avgntflt.sys

17:06:58.0334 2528        avgntflt - ok

17:06:58.0396 2528        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\windows\system32\DRIVERS\avipbb.sys

17:06:58.0428 2528        avipbb - ok

17:06:58.0537 2528        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

17:06:58.0615 2528        b06bdrv - ok

17:06:58.0708 2528        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

17:06:58.0755 2528        b57nd60x - ok

17:06:58.0864 2528        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

17:06:58.0942 2528        Beep - ok

17:06:59.0005 2528        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

17:06:59.0052 2528        blbdrive - ok

17:06:59.0192 2528        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys

17:06:59.0254 2528        bowser - ok

17:06:59.0301 2528        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

17:06:59.0348 2528        BrFiltLo - ok

17:06:59.0410 2528        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

17:06:59.0457 2528        BrFiltUp - ok

17:06:59.0535 2528        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

17:06:59.0598 2528        Brserid - ok

17:06:59.0660 2528        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

17:06:59.0738 2528        BrSerWdm - ok

17:06:59.0785 2528        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

17:06:59.0816 2528        BrUsbMdm - ok

17:06:59.0832 2528        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

17:06:59.0878 2528        BrUsbSer - ok

17:06:59.0972 2528        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

17:07:00.0019 2528        BthEnum - ok

17:07:00.0050 2528        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

17:07:00.0097 2528        BTHMODEM - ok

17:07:00.0144 2528        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

17:07:00.0190 2528        BthPan - ok

17:07:00.0331 2528        BTHPORT         (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys

17:07:00.0393 2528        BTHPORT - ok

17:07:00.0471 2528        BTHUSB          (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys

17:07:00.0518 2528        BTHUSB - ok

17:07:00.0596 2528        btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys

17:07:00.0658 2528        btwaudio - ok

17:07:00.0705 2528        btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys

17:07:00.0752 2528        btwavdt - ok

17:07:00.0830 2528        btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys

17:07:00.0846 2528        btwl2cap - ok

17:07:00.0939 2528        btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys

17:07:00.0986 2528        btwrchid - ok

17:07:01.0033 2528        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

17:07:01.0111 2528        cdfs - ok

17:07:01.0173 2528        cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys

17:07:01.0220 2528        cdrom - ok

17:07:01.0282 2528        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

17:07:01.0345 2528        circlass - ok

17:07:01.0407 2528        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

17:07:01.0438 2528        CLFS - ok

17:07:01.0532 2528        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

17:07:01.0579 2528        CmBatt - ok

17:07:01.0641 2528        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys

17:07:01.0688 2528        cmdide - ok

17:07:01.0735 2528        CNG             (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys

17:07:01.0813 2528        CNG - ok

17:07:01.0891 2528        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

17:07:01.0922 2528        Compbatt - ok

17:07:01.0984 2528        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys

17:07:02.0031 2528        CompositeBus - ok

17:07:02.0094 2528        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

17:07:02.0140 2528        crcdisk - ok

17:07:02.0265 2528        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys

17:07:02.0328 2528        DfsC - ok

17:07:02.0406 2528        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

17:07:02.0499 2528        discache - ok

17:07:02.0577 2528        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

17:07:02.0624 2528        Disk - ok

17:07:02.0702 2528        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

17:07:02.0749 2528        drmkaud - ok

17:07:02.0811 2528        DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys

17:07:02.0889 2528        DXGKrnl - ok

17:07:03.0076 2528        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

17:07:03.0279 2528        ebdrv - ok

17:07:03.0373 2528        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

17:07:03.0435 2528        elxstor - ok

17:07:03.0498 2528        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys

17:07:03.0544 2528        ErrDev - ok

17:07:03.0654 2528        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

17:07:03.0732 2528        exfat - ok

17:07:03.0810 2528        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

17:07:03.0919 2528        fastfat - ok

17:07:03.0997 2528        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

17:07:04.0044 2528        fdc - ok

17:07:04.0122 2528        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

17:07:04.0153 2528        FileInfo - ok

17:07:04.0168 2528        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

17:07:04.0262 2528        Filetrace - ok

17:07:04.0309 2528        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

17:07:04.0356 2528        flpydisk - ok

17:07:04.0434 2528        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

17:07:04.0480 2528        FltMgr - ok

17:07:04.0558 2528        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

17:07:04.0574 2528        FsDepends - ok

17:07:04.0636 2528        fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

17:07:04.0668 2528        fssfltr - ok

17:07:04.0730 2528        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

17:07:04.0777 2528        Fs_Rec - ok

17:07:04.0870 2528        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys

17:07:04.0917 2528        fvevol - ok

17:07:04.0948 2528        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

17:07:04.0980 2528        gagp30kx - ok

17:07:05.0104 2528        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

17:07:05.0136 2528        GEARAspiWDM - ok

17:07:05.0229 2528        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

17:07:05.0276 2528        hcw85cir - ok

17:07:05.0354 2528        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys

17:07:05.0416 2528        HdAudAddService - ok

17:07:05.0479 2528        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys

17:07:05.0526 2528        HDAudBus - ok

17:07:05.0588 2528        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

17:07:05.0635 2528        HidBatt - ok

17:07:05.0666 2528        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

17:07:05.0713 2528        HidBth - ok

17:07:05.0760 2528        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

17:07:05.0806 2528        HidIr - ok

17:07:05.0900 2528        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys

17:07:05.0931 2528        HidUsb - ok

17:07:05.0994 2528        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys

17:07:06.0025 2528        HpSAMD - ok

17:07:06.0103 2528        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys

17:07:06.0212 2528        HTTP - ok

17:07:06.0290 2528        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys

17:07:06.0337 2528        hwpolicy - ok

17:07:06.0384 2528        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys

17:07:06.0430 2528        i8042prt - ok

17:07:06.0493 2528        iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys

17:07:06.0540 2528        iaStorV - ok

17:07:06.0789 2528        igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys

17:07:07.0070 2528        igfx - ok

17:07:07.0148 2528        iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

17:07:07.0195 2528        iirsp - ok

17:07:07.0398 2528        IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\windows\system32\drivers\RTKVHDA.sys

17:07:07.0600 2528        IntcAzAudAddService - ok

17:07:07.0647 2528        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys

17:07:07.0678 2528        intelide - ok

17:07:07.0725 2528        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

17:07:07.0772 2528        intelppm - ok

17:07:07.0881 2528        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

17:07:08.0006 2528        IpFilterDriver - ok

17:07:08.0053 2528        IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys

17:07:08.0115 2528        IPMIDRV - ok

17:07:08.0209 2528        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

17:07:08.0302 2528        IPNAT - ok

17:07:08.0380 2528        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

17:07:08.0412 2528        IRENUM - ok

17:07:08.0490 2528        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys

17:07:08.0552 2528        isapnp - ok

17:07:08.0614 2528        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys

17:07:08.0661 2528        iScsiPrt - ok

17:07:08.0739 2528        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys

17:07:08.0786 2528        kbdclass - ok

17:07:08.0864 2528        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys

17:07:08.0926 2528        kbdhid - ok

17:07:09.0004 2528        KSecDD          (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys

17:07:09.0051 2528        KSecDD - ok

17:07:09.0098 2528        KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys

17:07:09.0145 2528        KSecPkg - ok

17:07:09.0254 2528        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

17:07:09.0363 2528        lltdio - ok

17:07:09.0472 2528        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

17:07:09.0519 2528        LSI_FC - ok

17:07:09.0582 2528        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

17:07:09.0613 2528        LSI_SAS - ok

17:07:09.0660 2528        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

17:07:09.0691 2528        LSI_SAS2 - ok

17:07:09.0769 2528        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

17:07:09.0816 2528        LSI_SCSI - ok

17:07:09.0878 2528        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

17:07:09.0972 2528        luafv - ok

17:07:10.0034 2528        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

17:07:10.0081 2528        megasas - ok

17:07:10.0159 2528        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

17:07:10.0206 2528        MegaSR - ok

17:07:10.0284 2528        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

17:07:10.0362 2528        Modem - ok

17:07:10.0471 2528        monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

17:07:10.0549 2528        monitor - ok

17:07:10.0596 2528        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys

17:07:10.0642 2528        mouclass - ok

17:07:10.0720 2528        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

17:07:10.0767 2528        mouhid - ok

17:07:10.0830 2528        mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys

17:07:10.0861 2528        mountmgr - ok

17:07:10.0892 2528        mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys

17:07:10.0923 2528        mpio - ok

17:07:10.0954 2528        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

17:07:11.0032 2528        mpsdrv - ok

17:07:11.0110 2528        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys

17:07:11.0173 2528        MRxDAV - ok

17:07:11.0251 2528        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys

17:07:11.0298 2528        mrxsmb - ok

17:07:11.0376 2528        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys

17:07:11.0438 2528        mrxsmb10 - ok

17:07:11.0485 2528        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys

17:07:11.0532 2528        mrxsmb20 - ok

17:07:11.0578 2528        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys

17:07:11.0610 2528        msahci - ok

17:07:11.0672 2528        msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys

17:07:11.0734 2528        msdsm - ok

17:07:11.0812 2528        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

17:07:11.0890 2528        Msfs - ok

17:07:11.0937 2528        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

17:07:12.0031 2528        mshidkmdf - ok

17:07:12.0093 2528        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys

17:07:12.0140 2528        msisadrv - ok

17:07:12.0218 2528        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

17:07:12.0312 2528        MSKSSRV - ok

17:07:12.0374 2528        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

17:07:12.0452 2528        MSPCLOCK - ok

17:07:12.0499 2528        MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

17:07:12.0577 2528        MSPQM - ok

17:07:12.0624 2528        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

17:07:12.0670 2528        MsRPC - ok

17:07:12.0717 2528        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys

17:07:12.0764 2528        mssmbios - ok

17:07:12.0858 2528        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

17:07:12.0967 2528        MSTEE - ok

17:07:12.0982 2528        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

17:07:13.0029 2528        MTConfig - ok

17:07:13.0076 2528        Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

17:07:13.0107 2528        Mup - ok

17:07:13.0170 2528        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

17:07:13.0216 2528        NativeWifiP - ok

17:07:13.0341 2528        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys

17:07:13.0404 2528        NDIS - ok

17:07:13.0450 2528        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

17:07:13.0528 2528        NdisCap - ok

17:07:13.0591 2528        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

17:07:13.0653 2528        NdisTapi - ok

17:07:13.0731 2528        Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys

17:07:13.0809 2528        Ndisuio - ok

17:07:13.0856 2528        NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys

17:07:13.0934 2528        NdisWan - ok

17:07:13.0996 2528        NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys

17:07:14.0074 2528        NDProxy - ok

17:07:14.0152 2528        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

17:07:14.0230 2528        NetBIOS - ok

17:07:14.0293 2528        NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys

17:07:14.0371 2528        NetBT - ok

17:07:14.0496 2528        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

17:07:14.0542 2528        nfrd960 - ok

17:07:14.0589 2528        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

17:07:14.0667 2528        Npfs - ok

17:07:14.0698 2528        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

17:07:14.0792 2528        nsiproxy - ok

17:07:14.0870 2528        Ntfs            (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys

17:07:14.0979 2528        Ntfs - ok

17:07:15.0042 2528        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

17:07:15.0120 2528        Null - ok

17:07:15.0198 2528        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys

17:07:15.0244 2528        nvraid - ok

17:07:15.0276 2528        nvstor          (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys

17:07:15.0322 2528        nvstor - ok

17:07:15.0385 2528        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys

17:07:15.0416 2528        nv_agp - ok

17:07:15.0478 2528        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys

17:07:15.0525 2528        ohci1394 - ok

17:07:15.0634 2528        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

17:07:15.0697 2528        Parport - ok

17:07:15.0759 2528        partmgr         (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys

17:07:15.0790 2528        partmgr - ok

17:07:15.0822 2528        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

17:07:15.0868 2528        Parvdm - ok

17:07:15.0962 2528        pci             (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys

17:07:16.0009 2528        pci - ok

17:07:16.0056 2528        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys

17:07:16.0102 2528        pciide - ok

17:07:16.0149 2528        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

17:07:16.0196 2528        pcmcia - ok

17:07:16.0274 2528        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

17:07:16.0321 2528        pcw - ok

17:07:16.0399 2528        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

17:07:16.0539 2528        PEAUTH - ok

17:07:16.0726 2528        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

17:07:16.0804 2528        PptpMiniport - ok

17:07:16.0867 2528        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

17:07:16.0914 2528        Processor - ok

17:07:17.0038 2528        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

17:07:17.0132 2528        Psched - ok

17:07:17.0241 2528        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

17:07:17.0350 2528        ql2300 - ok

17:07:17.0428 2528        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

17:07:17.0460 2528        ql40xx - ok

17:07:17.0522 2528        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

17:07:17.0584 2528        QWAVEdrv - ok

17:07:17.0616 2528        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

17:07:17.0678 2528        RasAcd - ok

17:07:17.0756 2528        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

17:07:17.0834 2528        RasAgileVpn - ok

17:07:17.0928 2528        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

17:07:18.0037 2528        Rasl2tp - ok

17:07:18.0130 2528        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

17:07:18.0208 2528        RasPppoe - ok

17:07:18.0302 2528        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

17:07:18.0396 2528        RasSstp - ok

17:07:18.0442 2528        rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys

17:07:18.0520 2528        rdbss - ok

17:07:18.0583 2528        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

17:07:18.0645 2528        rdpbus - ok

17:07:18.0723 2528        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys

17:07:18.0817 2528        RDPCDD - ok

17:07:18.0879 2528        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

17:07:18.0957 2528        RDPENCDD - ok

17:07:19.0035 2528        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

17:07:19.0113 2528        RDPREFMP - ok

17:07:19.0176 2528        RDPWD           (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys

17:07:19.0254 2528        RDPWD - ok

17:07:19.0316 2528        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys

17:07:19.0363 2528        rdyboost - ok

17:07:19.0503 2528        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

17:07:19.0550 2528        RFCOMM - ok

17:07:19.0644 2528        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

17:07:19.0722 2528        rspndr - ok

17:07:19.0815 2528        RTL8167         (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys

17:07:19.0893 2528        RTL8167 - ok

17:07:19.0956 2528        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys

17:07:20.0018 2528        SABI - ok

17:07:20.0143 2528        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys

17:07:20.0190 2528        sbp2port - ok

17:07:20.0236 2528        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys

17:07:20.0330 2528        scfilter - ok

17:07:20.0439 2528        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

17:07:20.0548 2528        secdrv - ok

17:07:20.0642 2528        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

17:07:20.0689 2528        Serenum - ok

17:07:20.0767 2528        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

17:07:20.0814 2528        Serial - ok

17:07:20.0845 2528        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

17:07:20.0892 2528        sermouse - ok

17:07:20.0985 2528        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys

17:07:21.0032 2528        sffdisk - ok

17:07:21.0110 2528        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys

17:07:21.0172 2528        sffp_mmc - ok

17:07:21.0204 2528        sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys

17:07:21.0250 2528        sffp_sd - ok

17:07:21.0297 2528        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

17:07:21.0328 2528        sfloppy - ok

17:07:21.0406 2528        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys

17:07:21.0453 2528        sisagp - ok

17:07:21.0484 2528        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

17:07:21.0531 2528        SiSRaid2 - ok

17:07:21.0547 2528        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

17:07:21.0578 2528        SiSRaid4 - ok

17:07:21.0640 2528        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

17:07:21.0750 2528        Smb - ok

17:07:21.0890 2528        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

17:07:21.0921 2528        spldr - ok

17:07:21.0999 2528        srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys

17:07:22.0062 2528        srv - ok

17:07:22.0140 2528        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys

17:07:22.0218 2528        srv2 - ok

17:07:22.0264 2528        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys

17:07:22.0327 2528        srvnet - ok

17:07:22.0436 2528        sscdbus         (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys

17:07:22.0467 2528        sscdbus - ok

17:07:22.0545 2528        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\windows\system32\DRIVERS\ssmdrv.sys

17:07:22.0576 2528        ssmdrv - ok

17:07:22.0701 2528        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

17:07:22.0748 2528        stexstor - ok

17:07:22.0779 2528        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys

17:07:22.0810 2528        swenum - ok

17:07:22.0873 2528        SynTP           (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys

17:07:22.0935 2528        SynTP - ok

17:07:23.0138 2528        Tcpip           (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys

17:07:23.0263 2528        Tcpip - ok

17:07:23.0341 2528        TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys

17:07:23.0419 2528        TCPIP6 - ok

17:07:23.0528 2528        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys

17:07:23.0622 2528        tcpipreg - ok

17:07:23.0668 2528        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys

17:07:23.0731 2528        TDPIPE - ok

17:07:23.0762 2528        TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys

17:07:23.0840 2528        TDTCP - ok

17:07:23.0887 2528        tdx             (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys

17:07:23.0965 2528        tdx - ok

17:07:24.0074 2528        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys

17:07:24.0121 2528        TermDD - ok

17:07:24.0214 2528        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys

17:07:24.0308 2528        tssecsrv - ok

17:07:24.0433 2528        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys

17:07:24.0526 2528        tunnel - ok

17:07:24.0573 2528        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

17:07:24.0604 2528        uagp35 - ok

17:07:24.0651 2528        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys

17:07:24.0745 2528        udfs - ok

17:07:24.0870 2528        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys

17:07:24.0901 2528        uliagpkx - ok

17:07:24.0948 2528        umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys

17:07:25.0010 2528        umbus - ok

17:07:25.0057 2528        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

17:07:25.0104 2528        UmPass - ok

17:07:25.0228 2528        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys

17:07:25.0275 2528        USBAAPL - ok

17:07:25.0322 2528        usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys

17:07:25.0369 2528        usbccgp - ok

17:07:25.0462 2528        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys

17:07:25.0525 2528        usbcir - ok

17:07:25.0587 2528        usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\drivers\usbehci.sys

17:07:25.0650 2528        usbehci - ok

17:07:25.0728 2528        usbhub          (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys

17:07:25.0790 2528        usbhub - ok

17:07:25.0868 2528        usbohci         (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys

17:07:25.0946 2528        usbohci - ok

17:07:26.0040 2528        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

17:07:26.0086 2528        usbprint - ok

17:07:26.0149 2528        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

17:07:26.0196 2528        usbscan - ok

17:07:26.0274 2528        USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS

17:07:26.0320 2528        USBSTOR - ok

17:07:26.0414 2528        usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys

17:07:26.0476 2528        usbuhci - ok

17:07:26.0554 2528        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys

17:07:26.0617 2528        usbvideo - ok

17:07:26.0726 2528        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys

17:07:26.0757 2528        vdrvroot - ok

17:07:26.0820 2528        vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

17:07:26.0866 2528        vga - ok

17:07:26.0913 2528        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

17:07:26.0976 2528        VgaSave - ok

17:07:27.0100 2528        vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys

17:07:27.0178 2528        vhdmp - ok

17:07:27.0225 2528        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys

17:07:27.0272 2528        viaagp - ok

17:07:27.0303 2528        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

17:07:27.0334 2528        ViaC7 - ok

17:07:27.0397 2528        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys

17:07:27.0428 2528        viaide - ok

17:07:27.0490 2528        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys

17:07:27.0522 2528        volmgr - ok

17:07:27.0568 2528        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

17:07:27.0615 2528        volmgrx - ok

17:07:27.0678 2528        volsnap         (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys

17:07:27.0724 2528        volsnap - ok

17:07:27.0834 2528        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

17:07:27.0880 2528        vsmraid - ok

17:07:27.0943 2528        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

17:07:27.0990 2528        vwifibus - ok

17:07:28.0036 2528        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

17:07:28.0083 2528        vwififlt - ok

17:07:28.0192 2528        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

17:07:28.0224 2528        WacomPen - ok

17:07:28.0302 2528        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

17:07:28.0395 2528        WANARP - ok

17:07:28.0411 2528        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

17:07:28.0489 2528        Wanarpv6 - ok

17:07:28.0567 2528        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

17:07:28.0598 2528        Wd - ok

17:07:28.0676 2528        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

17:07:28.0738 2528        Wdf01000 - ok

17:07:28.0832 2528        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

17:07:28.0926 2528        WfpLwf - ok

17:07:29.0019 2528        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

17:07:29.0050 2528        WIMMount - ok

17:07:29.0206 2528        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys

17:07:29.0253 2528        WinUsb - ok

17:07:29.0362 2528        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys

17:07:29.0425 2528        WmiAcpi - ok

17:07:29.0518 2528        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

17:07:29.0596 2528        ws2ifsl - ok

17:07:29.0721 2528        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys

17:07:29.0815 2528        WudfPf - ok

17:07:29.0877 2528        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys

17:07:29.0986 2528        WUDFRd - ok

17:07:30.0111 2528        MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0

17:07:30.0704 2528        \Device\Harddisk0\DR0 - ok

17:07:30.0720 2528        Boot (0x1200)   (cbe609ee266154d97fb02d3871d6fd04) \Device\Harddisk0\DR0\Partition0

17:07:30.0720 2528        \Device\Harddisk0\DR0\Partition0 - ok

17:07:30.0751 2528        Boot (0x1200)   (99ff42cc5830f3215940b2ac0a58154b) \Device\Harddisk0\DR0\Partition1

17:07:30.0751 2528        \Device\Harddisk0\DR0\Partition1 - ok

17:07:30.0782 2528        Boot (0x1200)   (1355bf71ada6110bdeaec645e22c1087) \Device\Harddisk0\DR0\Partition2

17:07:30.0782 2528        \Device\Harddisk0\DR0\Partition2 - ok

17:07:30.0782 2528        ============================================================

17:07:30.0782 2528        Scan finished

17:07:30.0782 2528        ============================================================

17:07:30.0813 2536        Detected object count: 0

17:07:30.0813 2536        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 12-01-13.05 - Oly 13.01.2012  23:41:57.2.2 - x86

Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.1014.409 [GMT 1:00]

ausgeführt von:: c:\users\Oly\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-13 bis 2012-01-13  ))))))))))))))))))))))))))))))

.

.

2012-01-13 23:03 . 2012-01-13 23:03        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-13 00:49 . 2011-11-30 01:21        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{033B30AD-8AE7-4B7A-BB49-2903679E6C67}\mpengine.dll

2012-01-13 00:49 . 2011-11-15 13:29        222080        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-13 00:48 . 2011-11-17 05:41        1288984        ----a-w-        c:\windows\system32\ntdll.dll

2012-01-13 00:48 . 2011-11-19 14:06        67072        ----a-w-        c:\windows\system32\packager.dll

2012-01-13 00:48 . 2011-10-26 04:28        1328640        ----a-w-        c:\windows\system32\quartz.dll

2012-01-13 00:48 . 2011-10-26 04:28        514560        ----a-w-        c:\windows\system32\qdvd.dll

2012-01-06 23:32 . 2012-01-06 23:32        --------        d-----w-        c:\program files\ESET

2012-01-06 22:36 . 2012-01-06 22:36        --------        d-----w-        c:\users\Oly\AppData\Roaming\Malwarebytes

2012-01-06 22:35 . 2012-01-06 22:35        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-06 22:35 . 2012-01-06 22:35        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-01-06 22:35 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-01-06 11:54 . 2012-01-06 11:54        --------        d-----w-        C:\_OTL

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-03 19:17 . 2011-12-03 19:17        158056        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

2011-11-24 04:23 . 2011-12-14 22:52        2340352        ----a-w-        c:\windows\system32\win32k.sys

2011-11-05 04:35 . 2011-12-14 22:52        981504        ----a-w-        c:\windows\system32\wininet.dll

2011-11-05 04:34 . 2011-12-14 22:52        44544        ----a-w-        c:\windows\system32\licmgr10.dll

2011-11-05 04:30 . 2011-12-14 22:51        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-11-05 03:28 . 2011-12-14 22:52        386048        ----a-w-        c:\windows\system32\html.iec

2011-11-05 02:55 . 2011-12-14 22:52        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2011-10-26 04:42 . 2011-12-14 22:50        3901808        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-10-26 04:42 . 2011-12-14 22:50        3957104        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-10-26 04:25 . 2011-12-14 22:50        38912        ----a-w-        c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

c:\users\Oly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           \0

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 16:10        35696        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2009-02-25 13:40        218408        ------w-        c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1ca99606cdf7d3e;Google Update Service (gupdate1ca99606cdf7d3e);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 133104]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 133104]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 23:36]

.

2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 23:36]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Free YouTube to MP3 Converter - c:\users\Oly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Oly\AppData\Roaming\Mozilla\Firefox\Profiles\0crdlkzg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-01-14  00:12:17

ComboFix-quarantined-files.txt  2012-01-13 23:12

ComboFix2.txt  2012-01-13 21:45

.

Vor Suchlauf: 11 Verzeichnis(se), 40.445.894.656 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 40.393.789.440 Bytes frei

.

- - End Of File - - 8871212038EBF234FB2BFF64BD84AE19

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

so endlich bin ich dazu gekommen...

GMER:

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-01-18 18:04:19

Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2160BH_G2 rev.008B000B

Running: e444s5d1.exe; Driver: C:\Users\Oly\AppData\Local\Temp\uwldapow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8B49B3CC                                                                                         ZwCreateThread

SSDT            8B49B3B8                                                                                         ZwOpenProcess

SSDT            8B49B3BD                                                                                         ZwOpenThread

SSDT            8B49B3C7                                                                                         ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                  820478A9 1 Byte  [06]

.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           820672F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntoskrnl.exe!KeRemoveQueueEx + 14C3                                                              8206E690 4 Bytes  [CC, B3, 49, 8B]

.text           ntoskrnl.exe!KeRemoveQueueEx + 165F                                                              8206E82C 4 Bytes  [B8, B3, 49, 8B]

.text           ntoskrnl.exe!KeRemoveQueueEx + 167F                                                              8206E84C 4 Bytes  [BD, B3, 49, 8B]

.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                                                              8206EAFC 4 Bytes  [C7, B3, 49, 8B]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 

Device          \Driver\BTHUSB \Device\00000082                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000084                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000005d                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

---- Threads - GMER 1.0.15 ----
 

Thread          System [4:2420]                                                                                  A4F5DF2E
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cda7544                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e9ab33                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e9bb88                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e9bba2                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e9bf15                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d4fbc2                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                          ???k?u?????? ???????????????? ???Z?????????????????????????????s?????k?k?k???j???k???????p???????????k???????j??????????? ???????????????j??????s???LegacyDriver?????????????b????????X??t?????????e?????_?f?h?i?j?j?|????X??n???????????j??LegacyDriver?????????????????????k???????????????????2???????????????k?k?/???????????o??????nf???????j??????s???PNP Filter????????????????????N??k????????D?????? ???????k?????j?????j??????????????????????? ???????????????????v??? ???????j???????????j??????????N???????????LegacyDriver????????????????t??????j?&???????????Z?j?j?j?????????????j???????????W?h?j?j?????????????????3???3???????@???0???e??{4d36e972-e325-11ce-bfc1-08002be10318}??????Keyboard Class Driver????j??????p?????N????????????D????6-21-2006????e?zB8?????????????????s?????????j??????????????????Le??LegacyDriver?????k???????????d???e??LegacyDriver?-???[?e?j?j?k?k?z???? ??[???????e???????k??????p????k???????j???s??s ??Microsoft-6zu4-Adapter #5???Volume?ice???????v??????????HIDClass????McAfee Inc.??????k?????????????

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cda7544 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e9ab33 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e9bb88 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e9bba2 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e9bf15 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d4fbc2 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                              ???o?o???????2????2??o????????h?????????????????t????????????????l???????????????o???????u??? ???????o???????????i??????????R?>??????m??? ???U???:?????:?:???????????????????????f?g????????????????????????? ??????????????l????????????????????????????????????4???/??????????????????? ???????o??????????????????????R?@?????????Brother RemovableDisk(U)????system32\drivers\fileinfo.sys???????????????????p????????????.??76???????l????????????X??t?????????n????????????????????????????????????di???????????{?{?p??????????????t???????????????????????*isatap?????????????????t????????p??????p?????J??o?????????n??????(??o??????p??????????????????????????????????g?????????????????d???o????R??o????????h?????\SystemRoot\System32\Drivers\BTHport.sys?.????,??o?????????e????Bluetooth-Porttreiber????o?o?o?o?o?o?z??p????????????&??????? ???????????????????5???????????0???????????~?~?~???????p??? ????????????????????????????????????????????s??????????o???????????o??? ???????o?????d???????????????????????????????o????? ???????o?????
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 18:13:11 on 18.01.2012
 

OS: Windows 7 Starter Edition (Build 7600), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.18
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\Oly\AppData\Local\Temp\catchme.sys  (File not found)

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys

"uwldapow" (uwldapow) - ? - C:\Users\Oly\AppData\Local\Temp\uwldapow.sys  (Hidden registry entry, rootkit activity | File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll

{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\Oly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Google Update Service (gupdate1ca99606cdf7d3e)" (gupdate1ca99606cdf7d3e) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

aswMBR :

Code:

 aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-18 18:14:54

-----------------------------

18:14:54.622    OS Version: Windows 6.1.7600 

18:14:54.622    Number of processors: 2 586 0x1C02

18:14:54.622    ComputerName: OLY-PC  UserName: Oly

18:15:00.394    Initialize success

18:15:48.988    AVAST engine defs: 12011800

18:17:29.546    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:17:29.546    Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 008B000B Size: 152627MB BusType: 3

18:17:29.577    Disk 0 MBR read successfully

18:17:29.593    Disk 0 MBR scan

18:17:29.655    Disk 0 unknown MBR code

18:17:29.811    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048

18:17:29.858    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328

18:17:29.889    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        67210 MB offset 31664128

18:17:29.983    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        69955 MB offset 169310208

18:17:30.076    Disk 0 scanning sectors +312578048

18:17:30.529    Disk 0 scanning C:\windows\system32\drivers

18:18:59.995    Service scanning

18:19:01.992    Modules scanning

18:21:01.815    Disk 0 trace - called modules:

18:21:01.940    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 

18:21:01.956    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x843a8030]

18:21:01.971    3 CLASSPNP.SYS[8701559e] -> nt!IofCallDriver -> [0x83f45848]

18:21:01.987    5 ACPI.sys[86e433b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83645610]

18:21:02.751    AVAST engine scan C:\windows

18:21:37.259    AVAST engine scan C:\windows\system32

18:26:36.810    AVAST engine scan C:\windows\system32\drivers

18:26:52.192    AVAST engine scan C:\Users\Oly

18:29:14.636    AVAST engine scan C:\ProgramData

18:29:56.772    Scan finished successfully

18:42:38.802    Disk 0 MBR has been saved successfully to "C:\Users\Oly\Desktop\MBR.dat"

18:42:38.817    The log file has been saved successfully to "C:\Users\Oly\Desktop\aswMBR.txt"

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.