Trojaner-Board - Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen (https://www.trojaner-board.de/110767-avira-meldet-tr-dropper-gen8-html-rce-gen.html)

Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen

Avira hat mir kürzlich das Vorhandensein von TR/Dropper.Gen8 gemeldet. Bei der Durchsicht vergangener Ereignisse ist mir noch eine Meldung von HTML/Rce.Gen aufgefallen. Die betroffenen Dateien wurden in Quarantäne verschoben bzw. der Zugriff verweigert.

Da TR/Dropper.Gen8 u.a. in der mbam.exe gefunden wurde, habe ich MBAM deinstalliert, anschließend neu installiert.

Suchläufe mit Avira und MBAM haben jetzt nichts mehr ergeben (Logs siehe unten).

dds funktioniert bei mir nicht. Die Startmeldung wurde zwar angezeigt, es erfolgte aber auch nach Ablauf der 3 Minuten keine Anzeige irgendwelcher Logdateien.

GMER-Log:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-03-02 17:52:27

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11

Running: rtxyj44p.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            88968646                                                                                              ZwCreateSection

SSDT            8896864B                                                                                              ZwSetContextThread

SSDT            889685E7                                                                                              ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                         81EB9998 4 Bytes  [46, 86, 96, 88]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                         81EB9CF0 4 Bytes  [4B, 86, 96, 88]

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                         81EB9DA4 4 Bytes  [E7, 85, 96, 88]

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                              section is writeable [0x8B609340, 0x3DC4A7, 0xE8000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[3904] kernel32.dll!SetUnhandledExceptionFilter  76E4A8C5 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                              AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
 

---- Files - GMER 1.0.15 ----
 

File            C:\ADSM_PData_0150                                                                                    0 bytes

File            C:\ADSM_PData_0150\DB                                                                                 0 bytes

File            C:\ADSM_PData_0150\DB\SI.db                                                                           624 bytes

File            C:\ADSM_PData_0150\DB\UL.db                                                                           16 bytes

File            C:\ADSM_PData_0150\DB\VL.db                                                                           16 bytes

File            C:\ADSM_PData_0150\DB\_avt                                                                            512 bytes

File            C:\ADSM_PData_0150\DragWait.exe                                                                       253952 bytes executable

File            C:\ADSM_PData_0150\_avt                                                                               512 bytes

File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                           0 bytes

File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                 29752 bytes executable

File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                      512 bytes
 

---- EOF - GMER 1.0.15 ----

MBAM-Log:

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.01.02
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 7.0.6002.18005

*** :: ***-PC [Administrator]
 

01.03.2012 15:50:04

mbam-log-2012-03-01 (15-50-04).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 306885

Laufzeit: 1 Stunde(n), 29 Minute(n), 55 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Avira-Log:

Code:


 

Avira AntiVir Personal

Erstellungsdatum der Reportdatei: Donnerstag, 1. März 2012  17:24
 

Es wird nach 3511707 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows Vista

Windowsversion : (Service Pack 2)  [6.0.6002]

Boot Modus     : Normal gebootet

Benutzername   : ***

Computername   : ***-PC
 

Versionsinformationen:

BUILD.DAT      : 10.2.0.707     36070 Bytes  25.01.2012 12:53:00

AVSCAN.EXE     : 10.3.0.7      484008 Bytes  28.06.2011 13:15:59

AVSCAN.DLL     : 10.0.5.0       57192 Bytes  28.06.2011 13:15:58

LUKE.DLL       : 10.3.0.5       45416 Bytes  28.06.2011 13:15:59

LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 10:59:47

AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  28.06.2011 13:16:00

AVREG.DLL      : 10.3.0.9       88833 Bytes  12.07.2011 10:43:06

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 06:35:52

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 14:41:12

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 14:39:04

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:04:02

VBASE004.VDF   : 7.11.21.239     2048 Bytes  01.02.2012 14:04:02

VBASE005.VDF   : 7.11.21.240     2048 Bytes  01.02.2012 14:04:02

VBASE006.VDF   : 7.11.21.241     2048 Bytes  01.02.2012 14:04:02

VBASE007.VDF   : 7.11.21.242     2048 Bytes  01.02.2012 14:04:02

VBASE008.VDF   : 7.11.21.243     2048 Bytes  01.02.2012 14:04:02

VBASE009.VDF   : 7.11.21.244     2048 Bytes  01.02.2012 14:04:02

VBASE010.VDF   : 7.11.21.245     2048 Bytes  01.02.2012 14:04:02

VBASE011.VDF   : 7.11.21.246     2048 Bytes  01.02.2012 14:04:02

VBASE012.VDF   : 7.11.21.247     2048 Bytes  01.02.2012 14:04:02

VBASE013.VDF   : 7.11.22.33   1486848 Bytes  03.02.2012 14:55:35

VBASE014.VDF   : 7.11.22.56    687616 Bytes  03.02.2012 14:55:53

VBASE015.VDF   : 7.11.22.92    178176 Bytes  06.02.2012 14:57:04

VBASE016.VDF   : 7.11.22.154   144896 Bytes  08.02.2012 11:59:49

VBASE017.VDF   : 7.11.22.220   183296 Bytes  13.02.2012 11:21:59

VBASE018.VDF   : 7.11.23.34    202752 Bytes  15.02.2012 13:47:43

VBASE019.VDF   : 7.11.23.98    126464 Bytes  17.02.2012 15:12:32

VBASE020.VDF   : 7.11.23.150   148480 Bytes  20.02.2012 14:40:03

VBASE021.VDF   : 7.11.23.224   172544 Bytes  23.02.2012 14:33:38

VBASE022.VDF   : 7.11.24.52    219648 Bytes  28.02.2012 14:36:28

VBASE023.VDF   : 7.11.24.53      2048 Bytes  28.02.2012 14:36:28

VBASE024.VDF   : 7.11.24.54      2048 Bytes  28.02.2012 14:36:28

VBASE025.VDF   : 7.11.24.55      2048 Bytes  28.02.2012 14:36:28

VBASE026.VDF   : 7.11.24.56      2048 Bytes  28.02.2012 14:36:28

VBASE027.VDF   : 7.11.24.57      2048 Bytes  28.02.2012 14:36:28

VBASE028.VDF   : 7.11.24.58      2048 Bytes  28.02.2012 14:36:28

VBASE029.VDF   : 7.11.24.59      2048 Bytes  28.02.2012 14:36:28

VBASE030.VDF   : 7.11.24.60      2048 Bytes  28.02.2012 14:36:28

VBASE031.VDF   : 7.11.24.108    71168 Bytes  01.03.2012 16:22:41

Engineversion  : 8.2.10.8  

AEVDF.DLL      : 8.1.2.2       106868 Bytes  27.10.2011 13:18:11

AESCRIPT.DLL   : 8.1.4.7       442746 Bytes  25.02.2012 14:33:46

AESCN.DLL      : 8.1.8.2       131444 Bytes  28.01.2012 14:25:50

AESBX.DLL      : 8.2.4.5       434549 Bytes  03.12.2011 14:40:45

AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 13:25:03

AEPACK.DLL     : 8.2.16.3      799094 Bytes  10.02.2012 14:31:27

AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  31.12.2011 15:01:39

AEHEUR.DLL     : 8.1.4.0      4436342 Bytes  25.02.2012 14:33:46

AEHELP.DLL     : 8.1.19.0      254327 Bytes  21.01.2012 13:11:23

AEGEN.DLL      : 8.1.5.21      409971 Bytes  04.02.2012 14:56:03

AEEXP.DLL      : 8.1.0.23       70005 Bytes  25.02.2012 14:33:46

AEEMU.DLL      : 8.1.3.0       393589 Bytes  22.11.2010 19:22:05

AECORE.DLL     : 8.1.25.4      201079 Bytes  15.02.2012 11:22:02

AEBB.DLL       : 8.1.1.0        53618 Bytes  01.05.2010 15:15:59

AVWINLL.DLL    : 10.0.0.0       19304 Bytes  14.01.2010 10:59:10

AVPREF.DLL     : 10.0.3.2       44904 Bytes  28.06.2011 13:15:58

AVREP.DLL      : 10.0.0.10     174120 Bytes  17.05.2011 12:01:14

AVARKT.DLL     : 10.0.26.1     255336 Bytes  28.06.2011 13:15:58

AVEVTLOG.DLL   : 10.0.0.9      203112 Bytes  28.06.2011 13:15:58

SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53

AVSMTP.DLL     : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54

NETNT.DLL      : 10.0.0.0       11624 Bytes  19.02.2010 13:40:55

RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  28.06.2011 13:15:58

RCTEXT.DLL     : 10.0.64.0      98664 Bytes  28.06.2011 13:15:58
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Suche nach Rootkits und aktiver Malware

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: umbenennen

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Durchsuche aktive Programme...........: ein

Laufende Programme erweitert..........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: ein

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig

Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
 

Beginn des Suchlaufs: Donnerstag, 1. März 2012  17:24
 

Der Suchlauf nach versteckten Objekten wird begonnen.

c:\adsm_pdata_0150\dragwait.exe

c:\adsm_pdata_0150\dragwait.exe

  [HINWEIS]   Die Datei ist nicht sichtbar.

c:\adsm_pdata_0150\_avt

c:\adsm_pdata_0150\_avt

  [HINWEIS]   Die Datei ist nicht sichtbar.

c:\adsm_pdata_0150\db\si.db

c:\adsm_pdata_0150\db\si.db

  [HINWEIS]   Die Datei ist nicht sichtbar.

c:\adsm_pdata_0150\db\ul.db

c:\adsm_pdata_0150\db\ul.db

  [HINWEIS]   Die Datei ist nicht sichtbar.

c:\adsm_pdata_0150\db\vl.db

c:\adsm_pdata_0150\db\vl.db

  [HINWEIS]   Die Datei ist nicht sichtbar.

c:\adsm_pdata_0150\db\_avt

c:\adsm_pdata_0150\db\_avt

  [HINWEIS]   Die Datei ist nicht sichtbar.

c:\program files\asus\asus data security manager\driver\x86\asdsm.sys

c:\program files\asus\asus data security manager\driver\x86\asdsm.sys

  [HINWEIS]   Die Datei ist nicht sichtbar.

c:\program files\asus\asus data security manager\driver\x86\_avt

c:\program files\asus\asus data security manager\driver\x86\_avt

  [HINWEIS]   Die Datei ist nicht sichtbar.

c:\adsm_pdata_0150

c:\adsm_pdata_0150

  [HINWEIS]   Das Verzeichnis ist nicht sichtbar.

c:\adsm_pdata_0150\db

c:\adsm_pdata_0150\db

  [HINWEIS]   Das Verzeichnis ist nicht sichtbar.

c:\program files\asus\asus data security manager\driver\x86

c:\program files\asus\asus data security manager\driver\x86

  [HINWEIS]   Das Verzeichnis ist nicht sichtbar.
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '69' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '94' Modul(e) wurden durchsucht

Durchsuche Prozess 'plugin-container.exe' - '74' Modul(e) wurden durchsucht

Durchsuche Prozess 'firefox.exe' - '122' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPHelper.exe' - '13' Modul(e) wurden durchsucht

Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmplayer.exe' - '92' Modul(e) wurden durchsucht

Durchsuche Prozess 'mobsync.exe' - '42' Modul(e) wurden durchsucht

Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'SDWinSec.exe' - '47' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht

Durchsuche Prozess 'spmgr.exe' - '38' Modul(e) wurden durchsucht

Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht

Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '78' Modul(e) wurden durchsucht

Durchsuche Prozess 'agrsmsvc.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'SASCORE.EXE' - '18' Modul(e) wurden durchsucht

Durchsuche Prozess 'WDC.exe' - '26' Modul(e) wurden durchsucht

Durchsuche Prozess 'KBFiltr.exe' - '12' Modul(e) wurden durchsucht

Durchsuche Prozess 'Biet-O-Matic.exe' - '62' Modul(e) wurden durchsucht

Durchsuche Prozess 'TeaTimer.exe' - '38' Modul(e) wurden durchsucht

Durchsuche Prozess 'realsched.exe' - '32' Modul(e) wurden durchsucht

Durchsuche Prozess 'iTunesHelper.exe' - '65' Modul(e) wurden durchsucht

Durchsuche Prozess 'ATKOSD.exe' - '12' Modul(e) wurden durchsucht

Durchsuche Prozess 'jusched.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '57' Modul(e) wurden durchsucht

Durchsuche Prozess 'DMedia.exe' - '13' Modul(e) wurden durchsucht

Durchsuche Prozess 'ASUSTPE.exe' - '21' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPEnh.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'RtHDVCpl.exe' - '48' Modul(e) wurden durchsucht

Durchsuche Prozess 'ATKOSD2.exe' - '23' Modul(e) wurden durchsucht

Durchsuche Prozess 'HControlUser.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'ACEngSvr.exe' - '31' Modul(e) wurden durchsucht

Durchsuche Prozess 'ACMON.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'BatteryLife.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'aspg.exe' - '21' Modul(e) wurden durchsucht

Durchsuche Prozess 'wcourier.exe' - '21' Modul(e) wurden durchsucht

Durchsuche Prozess 'MsgTranAgt.exe' - '12' Modul(e) wurden durchsucht

Durchsuche Prozess 'Hcontrol.exe' - '58' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '127' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dwm.exe' - '24' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '82' Modul(e) wurden durchsucht

Durchsuche Prozess 'WLANExt.exe' - '45' Modul(e) wurden durchsucht

Durchsuche Prozess 'GFNEXSrv.exe' - '12' Modul(e) wurden durchsucht

Durchsuche Prozess 'ASLDRSrv.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'ADSMSrv.exe' - '12' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht

Durchsuche Prozess 'rundll32.exe' - '44' Modul(e) wurden durchsucht

Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '24' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '1213' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:' <VistaOS>

C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZRG0LSUN\Firefox_Setup_4.0.1[1].exe

  --> Object

      [WARNUNG]   Die Datei konnte nicht gelesen werden!

  [WARNUNG]   Die Datei konnte nicht gelesen werden!
 
 

Ende des Suchlaufs: Donnerstag, 1. März 2012  19:39

Benötigte Zeit:  2:15:05 Stunde(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  30121 Verzeichnisse wurden überprüft

 408165 Dateien wurden geprüft

      0 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      0 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

 408165 Dateien ohne Befall

   3346 Archive wurden durchsucht

      2 Warnungen

     11 Hinweise

 640362 Objekte wurden beim Rootkitscan durchsucht

     11 Versteckte Objekte wurden gefunden

Zitat:

Avira hat mir kürzlich das Vorhandensein von TR/Dropper.Gen8 gemeldet. Bei der Durchsicht vergangener Ereignisse ist mir noch eine Meldung von HTML/Rce.Gen aufgefallen.

Aussage ist ungenügend/ungenau, man braucht das Log dazu

Zitat:

Da TR/Dropper.Gen8 u.a. in der mbam.exe gefunden wurde, habe ich MBAM deinstalliert, anschließend neu installiert.

Halte ich für einen Fehalarm

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Im Anhang sind die vorhandenen Malwarebytes-Logs und das Avira-Log.

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Das ESET-Log ist fertig:

Code:

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=1

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7ae560ceff793b47a0677666fd1e07d5

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-06 03:07:00

# local_time=2012-03-06 04:07:00 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 58307044 58307044 0 0

# compatibility_mode=1797 16775165 100 94 773693 67576631 158730 0

# compatibility_mode=4096 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776573 100 100 4102 168572547 0 0

# compatibility_mode=8192 67108863 100 0 24100344 24100344 0 0

# scanned=132073

# found=2

# cleaned=0

# scan_time=6645

C:\$RECYCLE.BIN\S-1-5-21-304298557-2416404760-3250698555-1000\$RSQ8T7Y.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

C:\$RECYCLE.BIN\S-1-5-21-304298557-2416404760-3250698555-1000\$RFT27ER\A2WSA.EXE        probably a variant of Qres.316 virus (unable to clean)        00000000000000000000000000000000        I

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 06.03.2012 19:57:47 - Run 3

OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\***\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,59% Memory free

4,24 Gb Paging File | 3,40 Gb Available in Paging File | 80,22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74,52 Gb Total Space | 27,08 Gb Free Space | 36,33% Space Free | Partition Type: NTFS

Drive D: | 64,76 Gb Total Space | 62,74 Gb Free Space | 96,88% Space Free | Partition Type: NTFS

Drive E: | 696,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.06 19:55:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

PRC - [2012.01.16 03:50:05 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2011.08.12 16:35:21 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

PRC - [2011.06.28 14:15:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.04.28 15:18:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010.11.03 14:31:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.10.10 17:15:46 | 001,265,664 | ---- | M] (www.bid-o-matic.org) -- C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe

PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008.07.09 17:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2008.06.25 03:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2008.06.19 20:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe

PRC - [2008.06.04 01:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2008.03.18 20:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2008.03.17 07:17:31 | 005,320,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.02.01 23:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe

PRC - [2008.01.23 23:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

PRC - [2008.01.23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe

PRC - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe

PRC - [2007.12.04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe

PRC - [2007.11.05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe

PRC - [2007.10.12 05:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe

PRC - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe

PRC - [2007.08.15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe

PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe

PRC - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010.06.29 09:31:12 | 000,652,800 | ---- | M] () -- C:\PROGRA~1\IZArc\IZArcCM.dll

MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2008.11.04 10:17:08 | 000,443,232 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\ContextHandler.dll

MOD - [2008.01.23 23:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

MOD - [2008.01.12 06:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe

MOD - [2007.11.12 23:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll

MOD - [2007.08.08 10:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll

MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.08.12 16:35:21 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011.06.28 14:15:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.04.28 15:18:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.03.18 20:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (catchme)

DRV - [2011.08.12 16:35:16 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011.08.12 16:35:16 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2011.06.28 14:16:00 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.28 14:16:00 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.06.03 22:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2008.05.29 18:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)

DRV - [2008.05.01 02:09:59 | 007,448,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.04.27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008.03.21 20:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007.11.16 05:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)

DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)

DRV - [2007.08.03 20:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

DRV - [2006.12.15 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.de

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=crm&q={searchTerms}&locale=de_DE

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.01.16 03:50:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 16:30:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.16 03:50:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.03 00:01:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2011.05.27 19:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2012.02.28 10:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xvhu1y2j.default\extensions

[2012.01.25 14:17:22 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xvhu1y2j.default\extensions\firefox@ghostery.com

[2011.11.10 15:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2009.05.15 19:13:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVHU1Y2J.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVHU1Y2J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVHU1Y2J.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

[2012.02.18 16:30:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.06.03 19:50:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll

[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.07.19 18:47:11 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src

[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.05.29 15:13:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk = C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0176B415-A8EA-457B-81B5-0430488F8EAB}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB65292E-1F01-4C27-AE97-25FCCD13A6E4}: DhcpNameServer = 192.168.178.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [1998.09.15 11:14:30 | 000,168,448 | R--- | M] (Sierra On-Line, Inc.) - E:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [1998.10.15 11:10:06 | 000,000,229 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootMin: AppMgmt -  File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootNet: AppMgmt -  File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.06 19:55:19 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.03.06 14:13:42 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012.03.06 14:00:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD

[2012.03.05 16:13:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbam logs

[2012.03.02 18:39:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.scr

[2012.03.02 16:34:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com

[2012.03.01 15:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.03.01 15:48:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.02.24 20:37:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\musik unplugged

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.06 20:00:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.06 20:00:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.06 19:55:22 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.03.06 14:13:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012.03.06 14:01:41 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.03.06 14:00:35 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.03.06 14:00:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.05 03:43:08 | 000,000,885 | ---- | M] () -- C:\Users\***\Desktop\mullard three-valve stereo amp.rtf

[2012.03.04 20:20:05 | 000,000,842 | ---- | M] () -- C:\Users\***\Desktop\billiges fernsehprogramm.rtf

[2012.03.03 00:41:17 | 000,098,648 | ---- | M] () -- C:\Users\***\Desktop\first audion which i really like.jpg

[2012.03.02 18:39:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.scr

[2012.03.02 16:38:54 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\rtxyj44p.exe

[2012.03.02 16:34:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com

[2012.03.02 16:31:03 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe

[2012.03.02 15:42:38 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2012.03.01 21:30:01 | 000,010,803 | ---- | M] () -- C:\Users\***\Desktop\denglisch.rtf

[2012.03.01 15:48:36 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.01 01:45:59 | 000,020,736 | ---- | M] () -- C:\Users\***\Desktop\HA entwürfe.odt

[2012.02.27 21:25:34 | 000,000,667 | ---- | M] () -- C:\Users\***\Desktop\zu kaufende cds.rtf

[2012.02.25 02:04:59 | 000,083,243 | ---- | M] () -- C:\Users\***\Desktop\kohl2.jpg

[2012.02.21 02:55:02 | 000,360,188 | ---- | M] () -- C:\Users\***\Desktop\sachverhalt HA.pdf

[2012.02.21 00:57:19 | 000,052,384 | ---- | M] () -- C:\Users\***\Desktop\demokratie und soziale marktwirtschaft.pdf

[2012.02.20 21:09:23 | 000,080,861 | ---- | M] () -- C:\Users\***\Desktop\kohl.jpg

[2012.02.19 03:43:53 | 000,062,280 | ---- | M] () -- C:\Users\***\Desktop\ecc83 audion.jpg

[2012.02.17 16:07:57 | 000,388,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.02.17 03:04:03 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.02.17 03:04:03 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.02.17 03:04:03 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.02.17 03:04:03 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.02.15 03:04:16 | 000,002,013 | ---- | M] () -- C:\Users\***\Desktop\leistungsträger.rtf

[2012.02.13 04:39:08 | 000,304,766 | ---- | M] () -- C:\Users\***\Desktop\erich-honecker-gedächtnispreis.odt

[2012.02.11 05:02:08 | 006,000,054 | ---- | M] () -- C:\Users\***\Desktop\polizeiauto2.bmp

[2012.02.11 04:28:08 | 002,001,078 | ---- | M] () -- C:\Users\***\Documents\Unbenannt.bmp

[2012.02.10 01:35:08 | 000,006,184 | ---- | M] () -- C:\Users\***\Desktop\musiker und bands.rtf

[2012.02.09 01:34:47 | 000,000,183 | ---- | M] () -- C:\Users\***\Desktop\cseke arzttermin.rtf

[2012.02.08 16:40:23 | 002,941,082 | ---- | M] () -- C:\Users\***\Desktop\stoiber2.mp3

[2012.02.06 23:25:02 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2012.02.06 20:11:04 | 000,029,620 | ---- | M] () -- C:\Users\***\Desktop\freiheit und sozialismus.odt

 
 ========== Files Created - No Company Name ==========

 

[2012.03.05 03:41:21 | 000,000,885 | ---- | C] () -- C:\Users\***\Desktop\mullard three-valve stereo amp.rtf

[2012.03.03 00:38:54 | 000,098,648 | ---- | C] () -- C:\Users\***\Desktop\first audion which i really like.jpg

[2012.03.02 16:38:53 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\rtxyj44p.exe

[2012.03.02 16:30:59 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe

[2012.03.01 15:48:36 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.03.01 01:24:43 | 000,020,736 | ---- | C] () -- C:\Users\***\Desktop\HA entwürfe.odt

[2012.02.25 02:04:58 | 000,083,243 | ---- | C] () -- C:\Users\***\Desktop\kohl2.jpg

[2012.02.21 02:55:02 | 000,360,188 | ---- | C] () -- C:\Users\***\Desktop\sachverhalt HA.pdf

[2012.02.21 00:57:18 | 000,052,384 | ---- | C] () -- C:\Users\***\Desktop\demokratie und soziale marktwirtschaft.pdf

[2012.02.20 21:09:22 | 000,080,861 | ---- | C] () -- C:\Users\***\Desktop\kohl.jpg

[2012.02.19 03:18:06 | 000,062,280 | ---- | C] () -- C:\Users\***\Desktop\ecc83 audion.jpg

[2012.02.17 04:29:00 | 000,000,842 | ---- | C] () -- C:\Users\***\Desktop\billiges fernsehprogramm.rtf

[2012.02.15 03:04:15 | 000,002,013 | ---- | C] () -- C:\Users\***\Desktop\leistungsträger.rtf

[2012.02.13 04:39:05 | 000,304,766 | ---- | C] () -- C:\Users\***\Desktop\erich-honecker-gedächtnispreis.odt

[2012.02.11 04:53:35 | 006,000,054 | ---- | C] () -- C:\Users\***\Desktop\polizeiauto2.bmp

[2012.02.11 04:27:54 | 002,001,078 | ---- | C] () -- C:\Users\***\Documents\Unbenannt.bmp

[2012.02.10 01:35:08 | 000,006,184 | ---- | C] () -- C:\Users\***\Desktop\musiker und bands.rtf

[2012.02.09 01:34:46 | 000,000,183 | ---- | C] () -- C:\Users\***\Desktop\cseke arzttermin.rtf

[2012.02.08 16:33:23 | 002,941,082 | ---- | C] () -- C:\Users\***\Desktop\stoiber2.mp3

[2012.02.06 23:25:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2011.06.18 13:59:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe

[2011.06.03 19:55:02 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll

[2011.05.30 15:03:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011.05.30 15:03:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011.05.30 15:03:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.05.30 15:03:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.05.30 15:03:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.04.29 16:38:11 | 000,148,340 | ---- | C] () -- C:\Windows\hphins33.dat

[2011.04.29 16:38:11 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat

[2011.04.29 14:13:52 | 000,175,517 | ---- | C] () -- C:\Windows\hphins26.dat.temp

[2011.04.29 14:13:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat.temp

[2011.04.29 13:57:48 | 000,175,504 | ---- | C] () -- C:\Windows\hphins26.dat

[2011.04.29 13:57:48 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat

[2010.08.03 19:43:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010.08.03 19:42:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.04.07 21:46:32 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini

[2010.04.07 21:42:44 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI

 
 ========== LOP Check ==========

 

[2009.09.21 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config

[2011.09.26 23:09:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon

[2012.03.06 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM

[2011.06.16 14:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft

[2011.06.03 23:26:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON

[2011.05.27 19:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure

[2011.08.10 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft

[2011.03.10 23:27:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.07.20 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronics 2000

[2011.06.03 19:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla

[2010.03.30 22:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2010.05.02 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn

[2008.10.18 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2011.05.27 19:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParetoLogic

[2009.09.07 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qualcomm

[2011.01.08 03:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER

[2012.02.03 00:01:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

[2011.11.09 21:20:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WavePurity

[2009.02.05 17:04:07 | 000,021,986 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.09.21 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config

[2011.05.30 23:17:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2011.09.26 23:09:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon

[2011.10.19 20:27:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer

[2010.05.01 16:15:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira

[2012.03.06 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM

[2011.06.16 14:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft

[2011.06.03 23:26:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON

[2009.12.08 19:52:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink

[2011.05.27 19:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure

[2011.08.10 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft

[2011.03.10 23:27:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.07.20 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronics 2000

[2011.06.03 19:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla

[2010.03.30 22:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2008.10.18 14:14:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2010.05.02 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn

[2008.10.18 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2010.05.01 14:34:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2011.05.30 23:17:49 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2011.05.27 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla

[2008.10.18 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2011.05.27 19:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParetoLogic

[2009.09.07 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qualcomm

[2012.01.16 03:52:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real

[2011.01.08 03:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER

[2011.02.24 17:04:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartFTP

[2011.05.31 13:35:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com

[2008.10.18 14:16:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Symantec

[2012.02.03 00:01:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

[2011.11.09 21:20:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WavePurity

 
 < %APPDATA%\*.exe /s >

[2011.04.29 16:32:54 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys

[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 03:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe

[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe

[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.01.21 03:33:49 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll

 
 <           >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=crm&q={searchTerms}&locale=de_DE

IE - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

[2011.11.10 15:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2009.05.15 19:13:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.07.19 18:47:11 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O4 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O32 - HKLM CDRom: AutoRun - 1

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKU\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

Registry key HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.

C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.

C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.

C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.

C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.

C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.

C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.

C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.

C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

C:\Program Files\mozilla firefox\extensions folder moved successfully.

Folder C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.

C:\Program Files\mozilla firefox\searchplugins\foxsearch.src moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.

Registry value HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.

Registry value HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPropertiesMyComputer deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileAssociate deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.

Registry value HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.

Registry value HKEY_USERS\S-1-5-21-304298557-2416404760-3250698555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ***

->Temp folder emptied: 206902088 bytes

->Temporary Internet Files folder emptied: 8113633 bytes

->Java cache emptied: 24999216 bytes

->FireFox cache emptied: 815569843 bytes

->Flash cache emptied: 76264 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 54507533 bytes

RecycleBin emptied: 4701284076 bytes

 

Total Files Cleaned = 5.542,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.35.1 log created on 03062012_213017
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

TDSS-Log:

Code:

15:06:59.0462 4168        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39

15:06:59.0742 4168        ============================================================

15:06:59.0742 4168        Current date / time: 2012/03/07 15:06:59.0742

15:06:59.0742 4168        SystemInfo:

15:06:59.0742 4168        

15:06:59.0742 4168        OS Version: 6.0.6002 ServicePack: 2.0

15:06:59.0742 4168        Product type: Workstation

15:06:59.0743 4168        ComputerName: ***-PC

15:06:59.0743 4168        UserName: ***

15:06:59.0743 4168        Windows directory: C:\Windows

15:06:59.0743 4168        System windows directory: C:\Windows

15:06:59.0743 4168        Processor architecture: Intel x86

15:06:59.0743 4168        Number of processors: 1

15:06:59.0743 4168        Page size: 0x1000

15:06:59.0743 4168        Boot type: Normal boot

15:06:59.0743 4168        ============================================================

15:07:01.0344 4168        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:07:01.0386 4168        \Device\Harddisk0\DR0:

15:07:01.0399 4168        MBR used

15:07:01.0399 4168        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0x950A600

15:07:01.0432 4168        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA89317A, BlocksNum 0x8185947

15:07:01.0887 4168        Initialize success

15:07:01.0887 4168        ============================================================

15:08:03.0182 4644        ============================================================

15:08:03.0182 4644        Scan started

15:08:03.0182 4644        Mode: Manual; SigCheck; TDLFS; 

15:08:03.0182 4644        ============================================================

15:08:03.0877 4644        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

15:08:04.0123 4644        ACPI - ok

15:08:04.0251 4644        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

15:08:04.0295 4644        adp94xx - ok

15:08:04.0355 4644        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

15:08:04.0388 4644        adpahci - ok

15:08:04.0428 4644        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

15:08:04.0456 4644        adpu160m - ok

15:08:04.0498 4644        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

15:08:04.0525 4644        adpu320 - ok

15:08:04.0655 4644        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

15:08:04.0745 4644        AFD - ok

15:08:04.0828 4644        AgereSoftModem  (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys

15:08:04.0964 4644        AgereSoftModem - ok

15:08:05.0020 4644        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

15:08:05.0043 4644        agp440 - ok

15:08:05.0086 4644        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

15:08:05.0129 4644        aic78xx - ok

15:08:05.0181 4644        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

15:08:05.0202 4644        aliide - ok

15:08:05.0247 4644        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

15:08:05.0273 4644        amdagp - ok

15:08:05.0306 4644        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

15:08:05.0327 4644        amdide - ok

15:08:05.0381 4644        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

15:08:05.0454 4644        AmdK7 - ok

15:08:05.0482 4644        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

15:08:05.0561 4644        AmdK8 - ok

15:08:05.0676 4644        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

15:08:05.0699 4644        arc - ok

15:08:05.0746 4644        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

15:08:05.0771 4644        arcsas - ok

15:08:05.0828 4644        AsDsm           (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys

15:08:05.0901 4644        AsDsm - ok

15:08:06.0030 4644        ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys

15:08:06.0063 4644        ASMMAP - ok

15:08:06.0124 4644        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

15:08:06.0194 4644        AsyncMac - ok

15:08:06.0239 4644        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

15:08:06.0262 4644        atapi - ok

15:08:06.0345 4644        athr            (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys

15:08:06.0488 4644        athr - ok

15:08:06.0840 4644        avgio           (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

15:08:06.0882 4644        avgio - ok

15:08:07.0025 4644        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys

15:08:07.0045 4644        avgntflt - ok

15:08:07.0124 4644        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys

15:08:07.0171 4644        avipbb - ok

15:08:07.0365 4644        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

15:08:07.0442 4644        Beep - ok

15:08:07.0525 4644        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

15:08:07.0589 4644        blbdrive - ok

15:08:07.0668 4644        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

15:08:07.0724 4644        bowser - ok

15:08:07.0783 4644        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

15:08:07.0855 4644        BrFiltLo - ok

15:08:07.0900 4644        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

15:08:07.0960 4644        BrFiltUp - ok

15:08:08.0011 4644        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

15:08:08.0108 4644        Brserid - ok

15:08:08.0149 4644        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

15:08:08.0261 4644        BrSerWdm - ok

15:08:08.0303 4644        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

15:08:08.0402 4644        BrUsbMdm - ok

15:08:08.0434 4644        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

15:08:08.0551 4644        BrUsbSer - ok

15:08:08.0604 4644        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

15:08:08.0700 4644        BTHMODEM - ok

15:08:08.0825 4644        catchme - ok

15:08:08.0935 4644        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

15:08:09.0020 4644        cdfs - ok

15:08:09.0084 4644        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

15:08:09.0155 4644        cdrom - ok

15:08:09.0218 4644        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

15:08:09.0269 4644        circlass - ok

15:08:09.0401 4644        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

15:08:09.0465 4644        CLFS - ok

15:08:09.0564 4644        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

15:08:09.0636 4644        CmBatt - ok

15:08:09.0745 4644        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

15:08:09.0780 4644        cmdide - ok

15:08:09.0825 4644        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

15:08:09.0848 4644        Compbatt - ok

15:08:09.0911 4644        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

15:08:09.0936 4644        crcdisk - ok

15:08:09.0973 4644        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

15:08:10.0034 4644        Crusoe - ok

15:08:10.0158 4644        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

15:08:10.0219 4644        DfsC - ok

15:08:10.0315 4644        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

15:08:10.0354 4644        disk - ok

15:08:10.0483 4644        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

15:08:10.0544 4644        Dot4 - ok

15:08:10.0585 4644        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

15:08:10.0646 4644        Dot4Print - ok

15:08:10.0710 4644        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

15:08:10.0771 4644        dot4usb - ok

15:08:10.0838 4644        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

15:08:10.0894 4644        drmkaud - ok

15:08:10.0961 4644        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

15:08:11.0056 4644        DXGKrnl - ok

15:08:11.0109 4644        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

15:08:11.0199 4644        E1G60 - ok

15:08:11.0277 4644        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

15:08:11.0306 4644        Ecache - ok

15:08:11.0375 4644        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

15:08:11.0429 4644        elxstor - ok

15:08:11.0501 4644        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

15:08:11.0569 4644        ErrDev - ok

15:08:11.0646 4644        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

15:08:11.0696 4644        exfat - ok

15:08:11.0764 4644        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

15:08:11.0832 4644        fastfat - ok

15:08:11.0888 4644        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

15:08:11.0958 4644        fdc - ok

15:08:12.0025 4644        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

15:08:12.0051 4644        FileInfo - ok

15:08:12.0094 4644        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

15:08:12.0161 4644        Filetrace - ok

15:08:12.0200 4644        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

15:08:12.0267 4644        flpydisk - ok

15:08:12.0334 4644        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

15:08:12.0399 4644        FltMgr - ok

15:08:12.0457 4644        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

15:08:12.0518 4644        Fs_Rec - ok

15:08:12.0562 4644        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

15:08:12.0589 4644        gagp30kx - ok

15:08:12.0643 4644        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:08:12.0665 4644        GEARAspiWDM - ok

15:08:12.0834 4644        ghaio           (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys

15:08:12.0850 4644        ghaio - ok

15:08:12.0982 4644        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

15:08:13.0092 4644        HdAudAddService - ok

15:08:13.0157 4644        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:08:13.0296 4644        HDAudBus - ok

15:08:13.0350 4644        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

15:08:13.0457 4644        HidBth - ok

15:08:13.0518 4644        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

15:08:13.0617 4644        HidIr - ok

15:08:13.0684 4644        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

15:08:13.0759 4644        HidUsb - ok

15:08:13.0810 4644        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

15:08:13.0836 4644        HpCISSs - ok

15:08:13.0904 4644        HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

15:08:14.0049 4644        HTTP - ok

15:08:14.0082 4644        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

15:08:14.0108 4644        i2omp - ok

15:08:14.0180 4644        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

15:08:14.0243 4644        i8042prt - ok

15:08:14.0290 4644        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

15:08:14.0323 4644        iaStorV - ok

15:08:14.0363 4644        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

15:08:14.0388 4644        iirsp - ok

15:08:14.0534 4644        IntcAzAudAddService (dcdfe561f177105e1e365733f09f3e30) C:\Windows\system32\drivers\RTKVHDA.sys

15:08:14.0775 4644        IntcAzAudAddService - ok

15:08:14.0935 4644        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

15:08:14.0962 4644        intelide - ok

15:08:15.0001 4644        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

15:08:15.0055 4644        intelppm - ok

15:08:15.0103 4644        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:08:15.0172 4644        IpFilterDriver - ok

15:08:15.0212 4644        IpInIp - ok

15:08:15.0252 4644        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

15:08:15.0312 4644        IPMIDRV - ok

15:08:15.0353 4644        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

15:08:15.0410 4644        IPNAT - ok

15:08:15.0453 4644        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

15:08:15.0523 4644        IRENUM - ok

15:08:15.0563 4644        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

15:08:15.0591 4644        isapnp - ok

15:08:15.0653 4644        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

15:08:15.0691 4644        iScsiPrt - ok

15:08:15.0738 4644        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

15:08:15.0765 4644        iteatapi - ok

15:08:15.0804 4644        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

15:08:15.0832 4644        iteraid - ok

15:08:15.0870 4644        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

15:08:15.0901 4644        kbdclass - ok

15:08:15.0967 4644        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

15:08:16.0025 4644        kbdhid - ok

15:08:16.0062 4644        kbfiltr         (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys

15:08:16.0084 4644        kbfiltr - ok

15:08:16.0152 4644        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

15:08:16.0209 4644        KSecDD - ok

15:08:16.0294 4644        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

15:08:16.0362 4644        lltdio - ok

15:08:16.0423 4644        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

15:08:16.0453 4644        LSI_FC - ok

15:08:16.0489 4644        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

15:08:16.0518 4644        LSI_SAS - ok

15:08:16.0579 4644        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

15:08:16.0609 4644        LSI_SCSI - ok

15:08:16.0643 4644        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

15:08:16.0714 4644        luafv - ok

15:08:16.0767 4644        lullaby         (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys

15:08:16.0789 4644        lullaby - ok

15:08:16.0839 4644        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

15:08:16.0868 4644        megasas - ok

15:08:16.0915 4644        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

15:08:16.0985 4644        MegaSR - ok

15:08:17.0033 4644        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

15:08:17.0104 4644        Modem - ok

15:08:17.0143 4644        MODEMCSA        (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys

15:08:17.0211 4644        MODEMCSA - ok

15:08:17.0256 4644        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

15:08:17.0328 4644        monitor - ok

15:08:17.0372 4644        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

15:08:17.0439 4644        mouclass - ok

15:08:17.0548 4644        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

15:08:17.0614 4644        mouhid - ok

15:08:17.0656 4644        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

15:08:17.0685 4644        MountMgr - ok

15:08:17.0719 4644        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

15:08:17.0748 4644        mpio - ok

15:08:17.0809 4644        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

15:08:17.0863 4644        mpsdrv - ok

15:08:17.0919 4644        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

15:08:17.0945 4644        Mraid35x - ok

15:08:18.0007 4644        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

15:08:18.0061 4644        MRxDAV - ok

15:08:18.0112 4644        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:08:18.0156 4644        mrxsmb - ok

15:08:18.0222 4644        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:08:18.0277 4644        mrxsmb10 - ok

15:08:18.0319 4644        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:08:18.0364 4644        mrxsmb20 - ok

15:08:18.0427 4644        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

15:08:18.0457 4644        msahci - ok

15:08:18.0499 4644        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

15:08:18.0530 4644        msdsm - ok

15:08:18.0597 4644        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

15:08:18.0665 4644        Msfs - ok

15:08:18.0706 4644        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

15:08:18.0736 4644        msisadrv - ok

15:08:18.0802 4644        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

15:08:18.0860 4644        MSKSSRV - ok

15:08:18.0912 4644        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

15:08:18.0985 4644        MSPCLOCK - ok

15:08:19.0023 4644        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

15:08:19.0089 4644        MSPQM - ok

15:08:19.0149 4644        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

15:08:19.0182 4644        MsRPC - ok

15:08:19.0244 4644        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

15:08:19.0273 4644        mssmbios - ok

15:08:19.0298 4644        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

15:08:19.0357 4644        MSTEE - ok

15:08:19.0418 4644        MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys

15:08:19.0460 4644        MTsensor - ok

15:08:19.0506 4644        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

15:08:19.0537 4644        Mup - ok

15:08:19.0604 4644        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

15:08:19.0648 4644        NativeWifiP - ok

15:08:19.0698 4644        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

15:08:19.0792 4644        NDIS - ok

15:08:19.0847 4644        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

15:08:19.0909 4644        NdisTapi - ok

15:08:19.0941 4644        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

15:08:20.0017 4644        Ndisuio - ok

15:08:20.0043 4644        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

15:08:20.0104 4644        NdisWan - ok

15:08:20.0143 4644        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

15:08:20.0191 4644        NDProxy - ok

15:08:20.0245 4644        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

15:08:20.0301 4644        NetBIOS - ok

15:08:20.0357 4644        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

15:08:20.0427 4644        netbt - ok

15:08:20.0502 4644        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

15:08:20.0529 4644        nfrd960 - ok

15:08:20.0602 4644        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

15:08:20.0668 4644        Npfs - ok

15:08:20.0714 4644        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

15:08:20.0797 4644        nsiproxy - ok

15:08:20.0891 4644        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

15:08:21.0027 4644        Ntfs - ok

15:08:21.0079 4644        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

15:08:21.0188 4644        ntrigdigi - ok

15:08:21.0228 4644        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

15:08:21.0294 4644        Null - ok

15:08:21.0550 4644        nvlddmkm        (340c9a91d457e4ae849f42b2688800e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

15:08:22.0541 4644        nvlddmkm - ok

15:08:22.0658 4644        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

15:08:22.0689 4644        nvraid - ok

15:08:22.0728 4644        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

15:08:22.0756 4644        nvstor - ok

15:08:22.0804 4644        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

15:08:22.0840 4644        nv_agp - ok

15:08:22.0863 4644        NwlnkFlt - ok

15:08:22.0891 4644        NwlnkFwd - ok

15:08:22.0927 4644        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

15:08:22.0999 4644        ohci1394 - ok

15:08:23.0051 4644        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

15:08:23.0148 4644        Parport - ok

15:08:23.0206 4644        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

15:08:23.0239 4644        partmgr - ok

15:08:23.0288 4644        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

15:08:23.0378 4644        Parvdm - ok

15:08:23.0446 4644        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

15:08:23.0482 4644        pci - ok

15:08:23.0519 4644        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

15:08:23.0555 4644        pciide - ok

15:08:23.0596 4644        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

15:08:23.0630 4644        pcmcia - ok

15:08:23.0707 4644        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

15:08:23.0937 4644        PEAUTH - ok

15:08:24.0150 4644        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

15:08:24.0226 4644        PptpMiniport - ok

15:08:24.0270 4644        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

15:08:24.0338 4644        Processor - ok

15:08:24.0411 4644        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

15:08:24.0475 4644        PSched - ok

15:08:24.0552 4644        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

15:08:24.0696 4644        ql2300 - ok

15:08:24.0752 4644        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

15:08:24.0784 4644        ql40xx - ok

15:08:24.0850 4644        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

15:08:24.0888 4644        QWAVEdrv - ok

15:08:24.0929 4644        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

15:08:25.0005 4644        RasAcd - ok

15:08:25.0054 4644        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:08:25.0122 4644        Rasl2tp - ok

15:08:25.0182 4644        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

15:08:25.0251 4644        RasPppoe - ok

15:08:25.0277 4644        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

15:08:25.0317 4644        RasSstp - ok

15:08:25.0386 4644        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

15:08:25.0468 4644        rdbss - ok

15:08:25.0509 4644        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:08:25.0575 4644        RDPCDD - ok

15:08:25.0630 4644        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

15:08:25.0701 4644        rdpdr - ok

15:08:25.0727 4644        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

15:08:25.0795 4644        RDPENCDD - ok

15:08:25.0859 4644        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

15:08:25.0933 4644        RDPWD - ok

15:08:26.0039 4644        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

15:08:26.0117 4644        rspndr - ok

15:08:26.0165 4644        RTSTOR          (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS

15:08:26.0200 4644        RTSTOR - ok

15:08:26.0355 4644        SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

15:08:26.0374 4644        SASDIFSV - ok

15:08:26.0411 4644        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

15:08:26.0429 4644        SASKUTIL - ok

15:08:26.0547 4644        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

15:08:26.0578 4644        sbp2port - ok

15:08:26.0677 4644        sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

15:08:26.0749 4644        sdbus - ok

15:08:26.0797 4644        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

15:08:26.0893 4644        secdrv - ok

15:08:26.0948 4644        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

15:08:27.0051 4644        Serenum - ok

15:08:27.0094 4644        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

15:08:27.0187 4644        Serial - ok

15:08:27.0216 4644        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

15:08:27.0288 4644        sermouse - ok

15:08:27.0365 4644        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

15:08:27.0423 4644        sffdisk - ok

15:08:27.0455 4644        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

15:08:27.0523 4644        sffp_mmc - ok

15:08:27.0563 4644        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

15:08:27.0642 4644        sffp_sd - ok

15:08:27.0707 4644        sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys

15:08:27.0768 4644        sfloppy - ok

15:08:27.0827 4644        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

15:08:27.0859 4644        sisagp - ok

15:08:27.0923 4644        SiSGbeLH        (73838461f11fc7daee7922c945b2d74f) C:\Windows\system32\DRIVERS\SiSGB6.sys

15:08:27.0967 4644        SiSGbeLH - ok

15:08:28.0003 4644        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

15:08:28.0036 4644        SiSRaid2 - ok

15:08:28.0068 4644        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

15:08:28.0104 4644        SiSRaid4 - ok

15:08:28.0180 4644        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

15:08:28.0248 4644        Smb - ok

15:08:28.0320 4644        smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys

15:08:28.0500 4644        smserial - ok

15:08:28.0575 4644        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

15:08:28.0606 4644        spldr - ok

15:08:28.0687 4644        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

15:08:28.0750 4644        srv - ok

15:08:28.0802 4644        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

15:08:28.0868 4644        srv2 - ok

15:08:28.0923 4644        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

15:08:28.0974 4644        srvnet - ok

15:08:29.0032 4644        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

15:08:29.0058 4644        ssmdrv - ok

15:08:29.0122 4644        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

15:08:29.0153 4644        swenum - ok

15:08:29.0212 4644        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

15:08:29.0243 4644        Symc8xx - ok

15:08:29.0283 4644        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

15:08:29.0314 4644        Sym_hi - ok

15:08:29.0354 4644        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

15:08:29.0386 4644        Sym_u3 - ok

15:08:29.0425 4644        SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys

15:08:29.0469 4644        SynTP - ok

15:08:29.0583 4644        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

15:08:29.0705 4644        Tcpip - ok

15:08:29.0777 4644        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

15:08:29.0897 4644        Tcpip6 - ok

15:08:29.0968 4644        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

15:08:30.0026 4644        tcpipreg - ok

15:08:30.0065 4644        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

15:08:30.0168 4644        TDPIPE - ok

15:08:30.0205 4644        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

15:08:30.0280 4644        TDTCP - ok

15:08:30.0349 4644        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

15:08:30.0422 4644        tdx - ok

15:08:30.0477 4644        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

15:08:30.0513 4644        TermDD - ok

15:08:30.0622 4644        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:08:30.0683 4644        tssecsrv - ok

15:08:30.0759 4644        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

15:08:30.0814 4644        tunmp - ok

15:08:30.0870 4644        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

15:08:30.0921 4644        tunnel - ok

15:08:30.0959 4644        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

15:08:30.0995 4644        uagp35 - ok

15:08:31.0056 4644        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

15:08:31.0114 4644        udfs - ok

15:08:31.0196 4644        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

15:08:31.0232 4644        uliagpkx - ok

15:08:31.0277 4644        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

15:08:31.0319 4644        uliahci - ok

15:08:31.0363 4644        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

15:08:31.0398 4644        UlSata - ok

15:08:31.0443 4644        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

15:08:31.0479 4644        ulsata2 - ok

15:08:31.0521 4644        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

15:08:31.0600 4644        umbus - ok

15:08:31.0683 4644        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

15:08:31.0739 4644        usbccgp - ok

15:08:31.0781 4644        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

15:08:31.0892 4644        usbcir - ok

15:08:31.0944 4644        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

15:08:31.0995 4644        usbehci - ok

15:08:32.0055 4644        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

15:08:32.0122 4644        usbhub - ok

15:08:32.0178 4644        usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

15:08:32.0238 4644        usbohci - ok

15:08:32.0292 4644        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

15:08:32.0363 4644        usbprint - ok

15:08:32.0404 4644        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:08:32.0457 4644        USBSTOR - ok

15:08:32.0513 4644        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

15:08:32.0573 4644        usbuhci - ok

15:08:32.0629 4644        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

15:08:32.0708 4644        usbvideo - ok

15:08:32.0790 4644        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

15:08:32.0855 4644        vga - ok

15:08:32.0895 4644        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

15:08:32.0963 4644        VgaSave - ok

15:08:33.0001 4644        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

15:08:33.0044 4644        viaagp - ok

15:08:33.0077 4644        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

15:08:33.0139 4644        ViaC7 - ok

15:08:33.0178 4644        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

15:08:33.0213 4644        viaide - ok

15:08:33.0247 4644        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

15:08:33.0282 4644        volmgr - ok

15:08:33.0347 4644        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

15:08:33.0393 4644        volmgrx - ok

15:08:33.0465 4644        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

15:08:33.0507 4644        volsnap - ok

15:08:33.0557 4644        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

15:08:33.0603 4644        vsmraid - ok

15:08:33.0667 4644        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

15:08:33.0765 4644        WacomPen - ok

15:08:33.0803 4644        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

15:08:33.0866 4644        Wanarp - ok

15:08:33.0887 4644        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

15:08:33.0942 4644        Wanarpv6 - ok

15:08:33.0990 4644        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

15:08:34.0026 4644        Wd - ok

15:08:34.0069 4644        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

15:08:34.0122 4644        Wdf01000 - ok

15:08:34.0306 4644        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:08:34.0362 4644        WmiAcpi - ok

15:08:34.0447 4644        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

15:08:34.0512 4644        ws2ifsl - ok

15:08:34.0606 4644        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:08:34.0670 4644        WUDFRd - ok

15:08:34.0729 4644        yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys

15:08:34.0850 4644        yukonwlh - ok

15:08:34.0899 4644        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

15:08:35.0059 4644        \Device\Harddisk0\DR0 - ok

15:08:35.0074 4644        Boot (0x1200)   (7f505fb9abac353e547b7c5dfec8dcd2) \Device\Harddisk0\DR0\Partition0

15:08:35.0076 4644        \Device\Harddisk0\DR0\Partition0 - ok

15:08:35.0091 4644        Boot (0x1200)   (95bc87ddf18b2e8d84906ed886b90d7b) \Device\Harddisk0\DR0\Partition1

15:08:35.0093 4644        \Device\Harddisk0\DR0\Partition1 - ok

15:08:35.0100 4644        ============================================================

15:08:35.0100 4644        Scan finished

15:08:35.0100 4644        ============================================================

15:08:35.0131 5380        Detected object count: 0

15:08:35.0131 5380        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 12-03-07.05 - *** 07.03.2012  18:47:17.2.1 - x86

Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2047.1331 [GMT 1:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Common Files\ASPG_icon.ico

c:\windows\IsUn0407.exe

D:\setup.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-02-07 bis 2012-03-07  ))))))))))))))))))))))))))))))

.

.

2012-03-07 18:02 . 2012-03-07 18:02        --------        d-----w-        c:\users\Public\AppData\Local\temp

2012-03-07 18:02 . 2012-03-07 18:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-03-06 13:07 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDF92365-44CD-4E56-88F1-6DA352468778}\mpengine.dll

2012-03-01 14:48 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-06 20:38 . 2011-06-18 12:59        45056        ----a-w-        c:\windows\system32\acovcnt.exe

2012-02-23 08:18 . 2009-10-03 10:39        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-02-22 14:14 . 2011-05-28 23:13        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-18 18:09 . 2012-01-18 18:09        159744        ----a-w-        c:\windows\LgxSetup.exe

2012-01-16 02:50 . 2008-09-24 00:53        499712        ----a-w-        c:\windows\system32\msvcp71.dll

2012-01-16 02:50 . 2008-09-24 00:53        348160        ----a-w-        c:\windows\system32\msvcr71.dll

2008-07-02 02:28 . 2008-07-02 02:28        61440        ----a-w-        c:\program files\Common Files\CPInstallAction.dll

2012-02-18 15:30 . 2011-05-27 18:42        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-01 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-01 92704]

"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]

"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-17 5320704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-16 296056]

.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Biet-O-Matic.lnk - c:\program files\Biet-O-Matic\Biet-O-Matic.exe [2008-12-6 1265664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-12 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21        548352        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 08150162

*Deregistered* - 08150162

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-304298557-2416404760-3250698555-1000.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = google.de

mLocal Page = 

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvhu1y2j.default\

FF - prefs.js: browser.startup.homepage - google.de

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Caesar 3 - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-03-07 19:02

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

.

C:\ADSM_PData_0150

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 1

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(3188)

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

Zeit der Fertigstellung: 2012-03-07  19:13:39

ComboFix-quarantined-files.txt  2012-03-07 18:10

ComboFix2.txt  2011-05-30 14:31

.

Vor Suchlauf: 20 Verzeichnis(se), 31.171.956.736 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 31.037.976.576 Bytes frei

.

- - End Of File - - E517463E267E44CFC68F809F5042F0F7

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

So, die neuen Logs sind fertig.

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-03-08 13:08:43

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11

Running: rtxyj44p.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8BD76526                                                                                             ZwCreateSection

SSDT            8BD7652B                                                                                             ZwSetContextThread

SSDT            8BD764C7                                                                                             ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                        81EB8998 4 Bytes  [26, 65, D7, 8B]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                        81EB8CF0 4 Bytes  [2B, 65, D7, 8B]

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                        81EB8DA4 4 Bytes  [C7, 64, D7, 8B]

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8B407340, 0x3DC4A7, 0xE8000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[772] kernel32.dll!SetUnhandledExceptionFilter  7702A8C5 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [745F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7464A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [745FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [745EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [745F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [745EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74628395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [745FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [745EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [745EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [745E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7467CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7461C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [745ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [745E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [745E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[1796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [745F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                               AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                             AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
 

---- Files - GMER 1.0.15 ----
 

File            C:\ADSM_PData_0150                                                                                   0 bytes

File            C:\ADSM_PData_0150\DB                                                                                0 bytes

File            C:\ADSM_PData_0150\DB\SI.db                                                                          624 bytes

File            C:\ADSM_PData_0150\DB\UL.db                                                                          16 bytes

File            C:\ADSM_PData_0150\DB\VL.db                                                                          16 bytes

File            C:\ADSM_PData_0150\DB\_avt                                                                           512 bytes

File            C:\ADSM_PData_0150\DragWait.exe                                                                      253952 bytes executable

File            C:\ADSM_PData_0150\_avt                                                                              512 bytes

File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                          0 bytes

File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                29752 bytes executable

File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                     512 bytes
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 17:27:00 on 08.03.2012
 

OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 10.0.2
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"RealUpgradeScheduledTaskS-1-5-21-304298557-2416404760-3250698555-1000.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)

"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys

"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys

"pwliyfow" (pwliyfow) - ? - C:\Users\***\AppData\Local\Temp\pwliyfow.sys  (Hidden registry entry, rootkit activity | File not found)

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "ASUS" - C:\Windows\system32\TPESetting.dll

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)

{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)

{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "JetAudio" - C:\Program Files\JetAudio\JetFlExt.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

"Exec" - ? - C:\Windows\bdoscandel.exe  (File found, but it contains no detailed information)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"Biet-O-Matic.lnk" - "www.bid-o-matic.org" - C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"ASUSTPE" - "ASUS" - C:\Windows\system32\ASUSTPE.exe

"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe

"ATKOSD2" - ? - "C:\Program Files\ATKOSD2\ATKOSD2.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"HControlUser" - ? - "C:\Program Files\ATK Hotkey\HcontrolUser.exe"

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"LanguageShortcut" - ? - "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe"

"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"hpfll70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpfll70v.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"ADSM Service" (ADSMService) - ? - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software

Run date: 2012-03-08 17:28:20

-----------------------------

17:28:20.735    OS Version: Windows 6.0.6002 Service Pack 2

17:28:20.735    Number of processors: 1 586 0x1601

17:28:20.772    ComputerName: ***-PC  UserName: ***

17:28:22.890    Initialize success

17:29:49.713    AVAST engine defs: 12030800

17:30:00.544    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

17:30:00.553    Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3

17:30:01.556    Disk 0 MBR read successfully

17:30:01.562    Disk 0 MBR scan

17:30:01.575    Disk 0 Windows VISTA default MBR code

17:30:01.723    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63

17:30:01.842    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 20482875

17:30:01.855    Disk 0 Partition - 00     0F Extended LBA             66315 MB offset 176763195

17:30:02.068    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        66315 MB offset 176763258

17:30:02.959    Disk 0 scanning sectors +312576705

17:30:03.671    Disk 0 scanning C:\Windows\system32\drivers

17:32:48.646    Service scanning

17:33:24.768    Modules scanning

17:37:07.035    Disk 0 trace - called modules:

17:37:07.106    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 

17:37:07.125    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851401b0]

17:37:07.141    3 CLASSPNP.SYS[87faf8b3] -> nt!IofCallDriver -> [0x84085918]

17:37:07.158    5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84062230]

17:37:08.062    AVAST engine scan C:\Windows

17:38:36.826    AVAST engine scan C:\Windows\system32

17:55:00.833    AVAST engine scan C:\Windows\system32\drivers

17:55:22.650    AVAST engine scan C:\Users\***

18:14:46.256    AVAST engine scan C:\ProgramData

18:17:54.683    Scan finished successfully

18:18:16.839    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"

18:18:16.855    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"