Trojaner-Board - Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition (https://www.trojaner-board.de/115850-fehlerhafte-darstellung-internetseiten-selbststaendige-fuellung-c-festplattenpartition.html)

Fehlerhafte Darstellung von Internetseiten & selbstständige Füllung der C-Festplattenpartition

Hallo zusammen,

ich wende mich an euch mit folgendem Problem: Seid wenigen Tagen kommt es auf verschiedensten Internetseiten zu fehlerhaften Darstellungen.
Darüber hinaus wird mir ständig angezeigt, dass zu wenig Speicherplatz auf System(C:) verfügbar sei. Was mich daran stutzig macht, ist, dass nachdem ich Programme mit einer Größe von ca. 1,5 Gigabyte von System(C:) gelöscht hatte, kurze Zeit später wieder kein Speicherplatz verfügbar war. Es scheint, als würden ständig neue Daten heruntergeladen, die die C-Partition füllen.

Ich frage mich nun, woran das liegen könnte. Da das Problem, wie schon erwähnt, erst seid kurzem besteht und auch nicht mit Veränderungen von meiner Seite aus am Computer einherging, kam mir ein eventueller Zusammenhang mit Malware in den Sinn.

Schonmal vielen Dank für eure Hilfe.

MfG
sheryO

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-05-27 19:49:02

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.00

Running: nb7c7458.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            BA70320E                                                                                                                                                               ZwCreateKey

SSDT            BA703204                                                                                                                                                               ZwCreateThread

SSDT            BA703213                                                                                                                                                               ZwDeleteKey

SSDT            BA70321D                                                                                                                                                               ZwDeleteValueKey

SSDT            BA703222                                                                                                                                                               ZwLoadKey

SSDT            BA7031F0                                                                                                                                                               ZwOpenProcess

SSDT            BA7031F5                                                                                                                                                               ZwOpenThread

SSDT            BA70322C                                                                                                                                                               ZwReplaceKey

SSDT            BA703227                                                                                                                                                               ZwRestoreKey

SSDT            BA703218                                                                                                                                                               ZwSetValueKey

SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                              ZwTerminateProcess [0xA8549620]
 

---- Kernel code sections - GMER 1.0.15 ----
 

?               C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys                                                                                                                             Das System kann die angegebene Datei nicht finden. !
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssdsp.flt                          1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\msseax.flt                          1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssmp3.asi                          1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn        1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn       1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn      1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\General_Conflict.scn        1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn          1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Range.scn                   1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn         1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn  1

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Programme\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn      1
 

---- EOF - GMER 1.0.15 ----

Code:

.DDS Logfile:
 

        Code:


        
DDS (Ver_2011-08-26.01) - NTFSx86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_21

Run by Administrator at 22:07:21 on 2012-05-27

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1332 [GMT 2:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Eraser\Eraser.exe

C:\Programme\QuickTime\qttask.exe

C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.de/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

EB: &Recherchieren: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

uRun: [SUPERAntiSpyware] c:\programme\superantispyware\SUPERAntiSpyware.exe

mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart

mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime

StartupFolder: c:\dokume~1\admini~1\startm~1\progra~1\autost~1\dropbox.lnk - c:\dokumente und einstellungen\administrator\anwendungsdaten\dropbox\bin\Dropbox.exe

IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\programme\icq7.2\ICQ.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: kaspersky.com\www

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8} : NameServer = 192.168.100.1

TCP: Interfaces\{242BB936-621A-480D-8324-497D6BCE33DA} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4EA54FBD-BD02-4751-8F66-1F53BAA8A94F} : DhcpNameServer = 192.168.2.1 192.168.2.1

Notify: !SASWinLogon - c:\programme\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programme\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\9oes8frx.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programme\microsoft\office live\npOLW.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-7-15 11608]

R1 SASDIFSV;SASDIFSV;c:\programme\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\programme\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-15 60936]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-7-15 135336]

S2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-7-15 267432]

S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\admini~1\lokale~1\temp\ylo5.tmp --> c:\dokume~1\admini~1\lokale~1\temp\YLO5.tmp [?]

.

=============== Created Last 30 ================

.

2012-05-06 16:48:41        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M  ====================

.

2012-05-06 16:48:41        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 13:51:24        2029056        ------w-        c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:51:18        2150912        ------w-        c:\windows\system32\ntoskrnl.exe

2012-04-11 13:51:18        1862400        ----a-w-        c:\windows\system32\win32k.sys

2012-04-04 13:56:40        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-01 11:00:09        916992        ----a-w-        c:\windows\system32\wininet.dll

2012-03-01 11:00:08        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2012-03-01 11:00:08        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl

2012-02-29 14:09:48        177664        ----a-w-        c:\windows\system32\wintrust.dll

2012-02-29 14:09:48        148480        ----a-w-        c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40        385024        ----a-w-        c:\windows\system32\html.iec

.

============= FINISH: 22:07:36,10 ===============

--- --- ---

Code:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 28.06.2006 11:42:48

System Uptime: 27.05.2012 13:46:10 (9 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | MS-7187

Processor:               Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2799/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 29 GiB total, 0 GiB free.

D: is FIXED (NTFS) - 149 GiB total, 97,101 GiB free.

E: is FIXED (NTFS) - 120 GiB total, 119,555 GiB free.

F: is Removable

G: is Removable

H: is Removable

J: is Removable

O: is CDROM ()

U: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

6

.

==== End Of File ===========================

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.04.19.02
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: PC-xxx [Administrator]
 

25.04.2012 16:02:11

mbam-log-2012-04-25 (16-02-11).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 265140

Laufzeit: 28 Minute(n), 5 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.05.23.04
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: PC-xxx [Administrator]
 

23.05.2012 15:51:48

mbam-log-2012-05-23 (15-51-48).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 272535

Laufzeit: 38 Minute(n), 44 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.05.31.02
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: PC-xxx [Administrator]
 

31.05.2012 14:15:45

mbam-log-2012-05-31 (14-15-45).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 272495

Laufzeit: 1 Stunde(n), 36 Minute(n), 31 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d5267768293ad945a4bcd1cb38665ae1

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-31 05:35:52

# local_time=2012-05-31 07:35:52 (+0100, Westeuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 127253509 127253509 0 0

# compatibility_mode=8192 67108863 100 0 23854131 23854131 0 0

# scanned=79349

# found=0

# cleaned=0

# scan_time=6200

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 31.05.2012 20:48:44 - Run 4

OTL by OldTimer - Version 3.2.44.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,31% Memory free

3,35 Gb Paging File | 2,83 Gb Available in Paging File | 84,62% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 29,29 Gb Total Space | 0,13 Gb Free Space | 0,46% Space Free | Partition Type: NTFS

Drive D: | 149,05 Gb Total Space | 96,91 Gb Free Space | 65,02% Space Free | Partition Type: NTFS

Drive E: | 119,75 Gb Total Space | 119,56 Gb Free Space | 99,84% Space Free | Partition Type: NTFS

Drive G: | 3,79 Gb Total Space | 3,79 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Drive I: | 7,45 Gb Total Space | 5,42 Gb Free Space | 72,68% Space Free | Partition Type: FAT32

 

Computer Name: PC-LUENDORF | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.31 20:46:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe

PRC - [2010.10.28 17:01:04 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2010.04.10 08:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe

PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.05.13 20:32:48 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll

MOD - [2012.05.10 22:57:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll

MOD - [2012.05.10 22:57:43 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll

MOD - [2012.05.10 22:57:22 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll

MOD - [2012.05.10 22:56:42 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll

MOD - [2012.05.10 22:55:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll

MOD - [2012.05.10 22:54:56 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll

MOD - [2010.07.18 13:51:46 | 000,063,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2010.07.18 13:51:40 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2010.07.17 13:07:02 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2002.12.01 20:10:36 | 000,026,008 | ---- | M] () -- C:\WINDOWS\system32\WIN2PDFM.DLL

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008.04.14 07:52:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)

SRV - [2008.04.14 07:52:56 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)

SRV - [2008.04.14 07:52:18 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)

SRV - [2008.04.14 07:52:16 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)

SRV - [2008.04.14 07:52:08 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)

SRV - [2002.12.31 14:00:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp -- (GarenaPEngine)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)

DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008.04.14 07:32:18 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)

DRV - [2008.04.14 07:28:14 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2008.04.14 00:02:38 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)

DRV - [2006.06.07 23:08:56 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006.05.03 03:49:57 | 000,166,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)

DRV - [2005.10.25 04:45:54 | 000,173,568 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ftsata2.sys -- (ftsata2)

DRV - [2005.10.19 08:20:30 | 000,357,792 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)

DRV - [2005.03.14 07:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2004.03.17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

DRV - [2002.12.31 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)

DRV - [2002.12.31 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)

DRV - [2002.05.02 13:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found

IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes,DefaultScope = {2863C1E5-CF75-4945-933E-90E4AA60B606}

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{2863C1E5-CF75-4945-933E-90E4AA60B606}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = hxxp://www.offos.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=8QYAJ5lM

IE - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.param.yahoo-fr: ""

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""

FF - prefs.js..browser.search.param.yahoo-type: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0

FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.13 13:13:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.18 15:58:01 | 000,000,000 | ---D | M]

 

[2008.12.04 16:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2012.04.06 11:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions

[2012.04.06 11:55:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012.04.06 11:55:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012.03.06 12:59:34 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

[2012.03.06 12:59:30 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml

[2012.04.06 11:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.07.18 15:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.07.18 15:57:46 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2010.07.13 13:13:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.07.13 13:13:53 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2010.07.13 13:13:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.07.13 13:13:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.07.13 13:13:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.08.29 00:19:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)

O4 - HKU\S-1-5-21-746137067-1177238915-725345543-500..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found

O15 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..Trusted Domains: kaspersky.com ([www] * in Vertrauenswürdige Sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8}: NameServer = 192.168.100.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{242BB936-621A-480D-8324-497D6BCE33DA}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EA54FBD-BD02-4751-8F66-1F53BAA8A94F}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk -  - File not found

MsConfig - StartUpReg: rSkVSbFvavfCaY.exe - hkey= - key= -  File not found

MsConfig - StartUpReg: S75srfkXRfxEhp - hkey= - key= -  File not found

MsConfig - StartUpReg: Upgrade - hkey= - key= -  File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: 57890767.sys - Driver

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: 57890767.sys - Driver

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: VIDC.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)

Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.31 20:46:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2012.05.31 17:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012.05.29 16:18:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2012.05.27 19:35:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung

[2012.05.10 22:52:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.31 20:46:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2012.05.31 18:38:05 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2012.05.31 14:04:47 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2012.05.31 14:03:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.05.31 10:53:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.05.29 14:54:34 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2003.lnk

[2012.05.27 19:34:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable

[2012.05.27 17:47:00 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.05.11 15:01:26 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.05.10 22:54:06 | 000,456,314 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.05.10 22:54:06 | 000,438,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.05.10 22:54:06 | 000,083,408 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.05.10 22:54:06 | 000,070,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

 
 ========== Files Created - No Company Name ==========

 

[2012.05.27 19:34:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable

[2012.02.17 17:00:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.09.10 21:21:06 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.07.15 15:08:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.07.15 15:08:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.07.15 15:08:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.07.15 15:08:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.07.15 15:08:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.07.12 14:18:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

 
 ========== LOP Check ==========

 

[2010.07.27 13:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blender Foundation

[2012.05.31 18:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox

[2012.03.27 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Foky

[2012.04.02 13:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0

[2010.10.31 15:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ

[2009.05.15 17:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston

[2010.01.03 15:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

[2010.07.19 12:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SumatraPDF

[2010.01.19 19:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer

[2012.05.28 17:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WEB.DE

[2012.03.24 13:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ylox

[2009.07.21 12:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft

[2012.05.31 14:04:47 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

[2010.02.09 16:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.04.01 15:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe

[2007.12.20 09:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AdobeUM

[2010.05.30 12:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira

[2010.07.27 13:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blender Foundation

[2012.05.31 18:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox

[2012.03.27 17:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Foky

[2012.03.29 17:56:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Google

[2012.04.02 13:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0

[2010.10.31 15:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ

[2006.06.28 11:40:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities

[2009.05.15 17:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston

[2010.01.03 15:14:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

[2010.07.16 13:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia

[2009.08.21 18:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.09.10 22:47:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic

[2011.04.20 13:43:12 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft

[2008.12.04 16:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla

[2011.06.15 13:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Realxml

[2010.07.29 19:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype

[2010.07.29 19:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM

[2010.07.19 12:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SumatraPDF

[2006.11.20 17:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun

[2010.07.17 13:06:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com

[2010.01.19 19:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer

[2011.09.10 21:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc

[2012.05.28 17:58:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WEB.DE

[2010.07.15 23:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR

[2010.07.31 18:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yahoo!

[2012.03.24 13:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ylox

 
 < %APPDATA%\*.exe /s >

[2007.12.17 16:53:55 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe

[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe

[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Uninstall.exe

[2008.09.19 01:19:30 | 000,937,465 | ---- | M] (                                                            ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTraveler.exe

[2008.09.18 15:32:22 | 001,839,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerA.exe

[2008.09.19 01:05:36 | 003,231,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerB.exe

[2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\SecureTravelerDaemon.exe

[2008.09.18 15:32:22 | 001,839,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerA.exe

[2008.09.19 01:05:36 | 003,231,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerB.exe

[2008.07.18 13:31:28 | 000,143,360 | ---- | M] (Kingston) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kingston\tmp\SecureTravelerDaemon.exe

[2012.01.23 22:35:49 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

[2006.06.28 11:46:34 | 000,027,670 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\ARPPRODUCTICON.exe

[2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\GEAR.jpg_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe

[2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\GEAR.NFO_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe

[2006.06.28 11:46:35 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\ReadMe.txt_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe

[2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\__GoldEsel___visit_u_8DD42AE05F594AA78DCBB6CC7C1C08EB.exe

[2006.06.28 11:46:34 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{8DD42AE0-5F59-4AA7-8DCB-B6CC7C1C08EB}\__Wichtig___Lesen____8DD42AE05F594AA78DCBB6CC7C1C08EB.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

 
 < MD5 for: AGP440.SYS  >

[2002.12.31 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2002.12.31 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2002.12.31 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2002.12.31 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2002.12.31 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll

[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2002.12.31 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2002.12.31 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2002.12.31 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2002.12.31 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2006.06.28 13:27:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2006.06.28 13:27:27 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2006.06.28 13:27:27 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

[2012.04.06 11:55:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012.03.06 12:59:34 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

[2012.03.06 12:59:30 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-746137067-1177238915-725345543-500\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk -  - File not found

MsConfig - StartUpReg: rSkVSbFvavfCaY.exe - hkey= - key= -  File not found

MsConfig - StartUpReg: S75srfkXRfxEhp - hkey= - key= -  File not found

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\searchplugins\sweetim.xml moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry key HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry value HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^cgs8h0.exe.lnk\ deleted successfully.

C:\WINDOWS\pss\cgs8h0.exe.lnkStartup moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\rSkVSbFvavfCaY.exe\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\S75srfkXRfxEhp\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 2502397 bytes

->Temporary Internet Files folder emptied: 2986101 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 3202055 bytes

->Flash cache emptied: 3803597 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 12,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.44.0 log created on 05312012_221801
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Code:

19:34:28.0171 2232        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

19:34:28.0343 2232        ============================================================

19:34:28.0343 2232        Current date / time: 2012/06/01 19:34:28.0343

19:34:28.0343 2232        SystemInfo:

19:34:28.0343 2232        

19:34:28.0343 2232        OS Version: 5.1.2600 ServicePack: 3.0

19:34:28.0343 2232        Product type: Workstation

19:34:28.0343 2232        ComputerName: PC-xxx

19:34:28.0343 2232        UserName: Administrator

19:34:28.0343 2232        Windows directory: C:\WINDOWS

19:34:28.0343 2232        System windows directory: C:\WINDOWS

19:34:28.0343 2232        Processor architecture: Intel x86

19:34:28.0343 2232        Number of processors: 2

19:34:28.0343 2232        Page size: 0x1000

19:34:28.0343 2232        Boot type: Normal boot

19:34:28.0343 2232        ============================================================

19:34:29.0921 2232        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:34:29.0937 2232        Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:34:29.0953 2232        Drive \Device\Harddisk5\DR8 - Size: 0xF3000000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

19:34:29.0953 2232        Drive \Device\Harddisk6\DR9 - Size: 0x1DDD00000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

19:34:29.0953 2232        ============================================================

19:34:29.0953 2232        \Device\Harddisk0\DR0:

19:34:29.0953 2232        MBR partitions:

19:34:29.0953 2232        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1

19:34:29.0968 2232        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF7E8D1

19:34:29.0968 2232        \Device\Harddisk1\DR1:

19:34:29.0968 2232        MBR partitions:

19:34:29.0968 2232        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82

19:34:29.0968 2232        \Device\Harddisk5\DR8:

19:34:29.0968 2232        MBR partitions:

19:34:29.0968 2232        \Device\Harddisk5\DR8\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x797FD0

19:34:29.0968 2232        \Device\Harddisk6\DR9:

19:34:29.0968 2232        MBR partitions:

19:34:29.0968 2232        ============================================================

19:34:30.0000 2232        C: <-> \Device\Harddisk0\DR0\Partition0

19:34:30.0031 2232        D: <-> \Device\Harddisk1\DR1\Partition0

19:34:30.0187 2232        E: <-> \Device\Harddisk0\DR0\Partition1

19:34:30.0187 2232        ============================================================

19:34:30.0187 2232        Initialize success

19:34:30.0187 2232        ============================================================

19:34:42.0046 2416        ============================================================

19:34:42.0046 2416        Scan started

19:34:42.0046 2416        Mode: Manual; SigCheck; TDLFS; 

19:34:42.0046 2416        ============================================================

19:34:42.0281 2416        Abiosdsk - ok

19:34:42.0281 2416        abp480n5 - ok

19:34:42.0312 2416        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:34:43.0718 2416        ACPI - ok

19:34:43.0734 2416        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

19:34:43.0875 2416        ACPIEC - ok

19:34:43.0890 2416        adpu160m - ok

19:34:43.0906 2416        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

19:34:44.0062 2416        aec - ok

19:34:44.0078 2416        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

19:34:44.0125 2416        AFD - ok

19:34:44.0125 2416        Aha154x - ok

19:34:44.0140 2416        aic78u2 - ok

19:34:44.0140 2416        aic78xx - ok

19:34:44.0171 2416        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

19:34:44.0296 2416        Alerter - ok

19:34:44.0312 2416        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

19:34:44.0437 2416        ALG - ok

19:34:44.0437 2416        AliIde - ok

19:34:44.0453 2416        amsint - ok

19:34:44.0515 2416        AntiVirSchedulerService (9828ffe47fbeb08b509a7717e4f77cc7) C:\Programme\Avira\AntiVir Desktop\sched.exe

19:34:44.0531 2416        AntiVirSchedulerService - ok

19:34:44.0562 2416        AntiVirService  (bbc02905032d453c0e18d5110f841902) C:\Programme\Avira\AntiVir Desktop\avguard.exe

19:34:44.0578 2416        AntiVirService - ok

19:34:44.0609 2416        AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll

19:34:44.0750 2416        AppMgmt - ok

19:34:44.0781 2416        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

19:34:44.0906 2416        Arp1394 - ok

19:34:44.0906 2416        asc - ok

19:34:44.0921 2416        asc3350p - ok

19:34:44.0921 2416        asc3550 - ok

19:34:45.0000 2416        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

19:34:45.0015 2416        aspnet_state - ok

19:34:45.0031 2416        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:34:45.0171 2416        AsyncMac - ok

19:34:45.0187 2416        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

19:34:45.0328 2416        atapi - ok

19:34:45.0328 2416        Atdisk - ok

19:34:45.0375 2416        Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe

19:34:45.0468 2416        Ati HotKey Poller - ok

19:34:45.0531 2416        ati2mtag        (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

19:34:45.0625 2416        ati2mtag - ok

19:34:45.0687 2416        ATIAVAIW        (632fd762fa5183fabc01687a4cd357b8) C:\WINDOWS\system32\DRIVERS\atinavt2.sys

19:34:45.0718 2416        ATIAVAIW - ok

19:34:45.0750 2416        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:34:45.0890 2416        Atmarpc - ok

19:34:45.0906 2416        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

19:34:46.0046 2416        AudioSrv - ok

19:34:46.0062 2416        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

19:34:46.0203 2416        audstub - ok

19:34:46.0265 2416        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys

19:34:46.0265 2416        avgio - ok

19:34:46.0296 2416        avgntflt        (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

19:34:46.0421 2416        avgntflt - ok

19:34:46.0437 2416        avipbb          (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys

19:34:46.0453 2416        avipbb - ok

19:34:46.0484 2416        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

19:34:46.0609 2416        Beep - ok

19:34:46.0640 2416        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

19:34:46.0812 2416        BITS - ok

19:34:46.0843 2416        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

19:34:46.0984 2416        Browser - ok

19:34:47.0046 2416        catchme - ok

19:34:47.0078 2416        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

19:34:47.0218 2416        cbidf2k - ok

19:34:47.0250 2416        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

19:34:47.0390 2416        CCDECODE - ok

19:34:47.0390 2416        cd20xrnt - ok

19:34:47.0406 2416        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

19:34:47.0546 2416        Cdaudio - ok

19:34:47.0562 2416        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

19:34:47.0703 2416        Cdfs - ok

19:34:47.0734 2416        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:34:47.0875 2416        Cdrom - ok

19:34:47.0875 2416        Changer - ok

19:34:47.0906 2416        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

19:34:48.0046 2416        CiSvc - ok

19:34:48.0062 2416        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

19:34:48.0203 2416        ClipSrv - ok

19:34:48.0265 2416        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:34:48.0281 2416        clr_optimization_v2.0.50727_32 - ok

19:34:48.0281 2416        CmdIde - ok

19:34:48.0296 2416        COMSysApp - ok

19:34:48.0296 2416        Cpqarray - ok

19:34:48.0328 2416        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

19:34:48.0468 2416        CryptSvc - ok

19:34:48.0468 2416        dac2w2k - ok

19:34:48.0468 2416        dac960nt - ok

19:34:48.0515 2416        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

19:34:48.0578 2416        DcomLaunch - ok

19:34:48.0593 2416        DgiVecp         (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys

19:34:48.0609 2416        DgiVecp ( UnsignedFile.Multi.Generic ) - warning

19:34:48.0609 2416        DgiVecp - detected UnsignedFile.Multi.Generic (1)

19:34:48.0640 2416        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

19:34:48.0781 2416        Dhcp - ok

19:34:48.0796 2416        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

19:34:48.0937 2416        Disk - ok

19:34:48.0937 2416        dmadmin - ok

19:34:48.0984 2416        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

19:34:49.0156 2416        dmboot - ok

19:34:49.0187 2416        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

19:34:49.0343 2416        dmio - ok

19:34:49.0343 2416        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:34:49.0484 2416        dmload - ok

19:34:49.0500 2416        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

19:34:49.0640 2416        dmserver - ok

19:34:49.0656 2416        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

19:34:49.0796 2416        DMusic - ok

19:34:49.0812 2416        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

19:34:49.0875 2416        Dnscache - ok

19:34:49.0906 2416        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

19:34:50.0046 2416        Dot3svc - ok

19:34:50.0046 2416        dpti2o - ok

19:34:50.0062 2416        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

19:34:50.0203 2416        drmkaud - ok

19:34:50.0218 2416        E100B           (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys

19:34:50.0281 2416        E100B - ok

19:34:50.0281 2416        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

19:34:50.0421 2416        EapHost - ok

19:34:50.0453 2416        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

19:34:50.0593 2416        ERSvc - ok

19:34:50.0625 2416        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

19:34:50.0640 2416        Eventlog - ok

19:34:50.0671 2416        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

19:34:50.0718 2416        EventSystem - ok

19:34:50.0734 2416        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

19:34:50.0859 2416        Fastfat - ok

19:34:50.0890 2416        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:34:50.0937 2416        FastUserSwitchingCompatibility - ok

19:34:50.0953 2416        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

19:34:51.0093 2416        Fdc - ok

19:34:51.0109 2416        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

19:34:51.0234 2416        Fips - ok

19:34:51.0250 2416        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

19:34:51.0390 2416        Flpydisk - ok

19:34:51.0421 2416        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

19:34:51.0546 2416        FltMgr - ok

19:34:51.0625 2416        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

19:34:51.0640 2416        FontCache3.0.0.0 - ok

19:34:51.0656 2416        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:34:51.0781 2416        Fs_Rec - ok

19:34:51.0812 2416        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:34:51.0937 2416        Ftdisk - ok

19:34:51.0968 2416        ftsata2         (65b50b303ff74a5517117ba3d25dbe7f) C:\WINDOWS\system32\drivers\ftsata2.sys

19:34:51.0984 2416        ftsata2 ( UnsignedFile.Multi.Generic ) - warning

19:34:51.0984 2416        ftsata2 - detected UnsignedFile.Multi.Generic (1)

19:34:52.0046 2416        GarenaPEngine - ok

19:34:52.0078 2416        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:34:52.0218 2416        Gpc - ok

19:34:52.0234 2416        HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys

19:34:52.0265 2416        HdAudAddService - ok

19:34:52.0296 2416        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

19:34:52.0421 2416        HDAudBus - ok

19:34:52.0468 2416        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

19:34:52.0593 2416        helpsvc - ok

19:34:52.0593 2416        HidServ - ok

19:34:52.0609 2416        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:34:52.0750 2416        HidUsb - ok

19:34:52.0765 2416        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

19:34:52.0890 2416        hkmsvc - ok

19:34:52.0890 2416        hpn - ok

19:34:52.0921 2416        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

19:34:52.0968 2416        HTTP - ok

19:34:52.0984 2416        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

19:34:53.0125 2416        HTTPFilter - ok

19:34:53.0125 2416        i2omgmt - ok

19:34:53.0125 2416        i2omp - ok

19:34:53.0156 2416        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:34:53.0296 2416        i8042prt - ok

19:34:53.0343 2416        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:34:53.0406 2416        idsvc - ok

19:34:53.0421 2416        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:34:53.0546 2416        Imapi - ok

19:34:53.0578 2416        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

19:34:53.0718 2416        ImapiService - ok

19:34:53.0734 2416        ini910u - ok

19:34:53.0734 2416        IntelIde - ok

19:34:53.0765 2416        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:34:53.0890 2416        intelppm - ok

19:34:53.0906 2416        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

19:34:54.0031 2416        Ip6Fw - ok

19:34:54.0062 2416        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:34:54.0187 2416        IpFilterDriver - ok

19:34:54.0203 2416        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:34:54.0328 2416        IpInIp - ok

19:34:54.0359 2416        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:34:54.0484 2416        IpNat - ok

19:34:54.0515 2416        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:34:54.0640 2416        IPSec - ok

19:34:54.0656 2416        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:34:54.0765 2416        IRENUM - ok

19:34:54.0781 2416        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:34:54.0921 2416        isapnp - ok

19:34:55.0000 2416        JavaQuickStarterService (e4ae0cbc0b55a5faa6996e38ce6c981b) C:\Programme\Java\jre6\bin\jqs.exe

19:34:55.0015 2416        JavaQuickStarterService - ok

19:34:55.0031 2416        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:34:55.0171 2416        Kbdclass - ok

19:34:55.0187 2416        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

19:34:55.0343 2416        kmixer - ok

19:34:55.0359 2416        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

19:34:55.0421 2416        KSecDD - ok

19:34:55.0453 2416        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

19:34:55.0484 2416        lanmanserver - ok

19:34:55.0515 2416        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

19:34:55.0562 2416        lanmanworkstation - ok

19:34:55.0562 2416        lbrtfdc - ok

19:34:55.0609 2416        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

19:34:55.0750 2416        LmHosts - ok

19:34:55.0765 2416        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

19:34:55.0890 2416        Messenger - ok

19:34:55.0906 2416        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:34:56.0031 2416        mnmdd - ok

19:34:56.0046 2416        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

19:34:56.0187 2416        mnmsrvc - ok

19:34:56.0203 2416        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

19:34:56.0343 2416        Modem - ok

19:34:56.0359 2416        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:34:56.0500 2416        Mouclass - ok

19:34:56.0515 2416        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:34:56.0640 2416        mouhid - ok

19:34:56.0656 2416        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

19:34:56.0781 2416        MountMgr - ok

19:34:56.0796 2416        MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

19:34:56.0937 2416        MPE - ok

19:34:56.0937 2416        mraid35x - ok

19:34:56.0953 2416        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:34:57.0093 2416        MRxDAV - ok

19:34:57.0140 2416        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:34:57.0187 2416        MRxSmb - ok

19:34:57.0218 2416        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

19:34:57.0343 2416        MSDTC - ok

19:34:57.0359 2416        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

19:34:57.0484 2416        Msfs - ok

19:34:57.0484 2416        MSIServer - ok

19:34:57.0500 2416        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:34:57.0625 2416        MSKSSRV - ok

19:34:57.0640 2416        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:34:57.0765 2416        MSPCLOCK - ok

19:34:57.0781 2416        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:34:57.0921 2416        MSPQM - ok

19:34:57.0937 2416        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:34:58.0046 2416        mssmbios - ok

19:34:58.0062 2416        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

19:34:58.0203 2416        MSTEE - ok

19:34:58.0234 2416        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:34:58.0265 2416        Mup - ok

19:34:58.0281 2416        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

19:34:58.0421 2416        NABTSFEC - ok

19:34:58.0453 2416        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

19:34:58.0593 2416        napagent - ok

19:34:58.0609 2416        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:34:58.0750 2416        NDIS - ok

19:34:58.0765 2416        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

19:34:58.0890 2416        NdisIP - ok

19:34:58.0921 2416        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:34:58.0937 2416        NdisTapi - ok

19:34:58.0953 2416        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:34:59.0078 2416        Ndisuio - ok

19:34:59.0093 2416        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:34:59.0234 2416        NdisWan - ok

19:34:59.0250 2416        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

19:34:59.0281 2416        NDProxy - ok

19:34:59.0312 2416        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

19:34:59.0437 2416        NetBIOS - ok

19:34:59.0453 2416        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

19:34:59.0593 2416        NetBT - ok

19:34:59.0625 2416        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

19:34:59.0765 2416        NetDDE - ok

19:34:59.0765 2416        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

19:34:59.0875 2416        NetDDEdsdm - ok

19:34:59.0906 2416        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:35:00.0031 2416        Netlogon - ok

19:35:00.0046 2416        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

19:35:00.0187 2416        Netman - ok

19:35:00.0281 2416        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:35:00.0296 2416        NetTcpPortSharing - ok

19:35:00.0312 2416        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

19:35:00.0437 2416        NIC1394 - ok

19:35:00.0484 2416        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

19:35:00.0515 2416        Nla - ok

19:35:00.0531 2416        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

19:35:00.0656 2416        Npfs - ok

19:35:00.0687 2416        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

19:35:00.0812 2416        Ntfs - ok

19:35:00.0828 2416        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:35:00.0953 2416        NtLmSsp - ok

19:35:00.0984 2416        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

19:35:01.0140 2416        NtmsSvc - ok

19:35:01.0156 2416        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

19:35:01.0296 2416        Null - ok

19:35:01.0328 2416        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:35:01.0453 2416        NwlnkFlt - ok

19:35:01.0468 2416        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:35:01.0593 2416        NwlnkFwd - ok

19:35:01.0609 2416        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

19:35:01.0734 2416        ohci1394 - ok

19:35:01.0781 2416        ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

19:35:01.0812 2416        ose - ok

19:35:01.0828 2416        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

19:35:01.0953 2416        Parport - ok

19:35:01.0968 2416        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

19:35:02.0093 2416        PartMgr - ok

19:35:02.0109 2416        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

19:35:02.0234 2416        ParVdm - ok

19:35:02.0265 2416        PCANDIS5        (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS

19:35:02.0265 2416        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning

19:35:02.0265 2416        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)

19:35:02.0281 2416        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

19:35:02.0421 2416        PCI - ok

19:35:02.0421 2416        PCIDump - ok

19:35:02.0437 2416        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

19:35:02.0562 2416        PCIIde - ok

19:35:02.0593 2416        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

19:35:02.0734 2416        Pcmcia - ok

19:35:02.0734 2416        PDCOMP - ok

19:35:02.0734 2416        PDFRAME - ok

19:35:02.0734 2416        PDRELI - ok

19:35:02.0750 2416        PDRFRAME - ok

19:35:02.0750 2416        perc2 - ok

19:35:02.0750 2416        perc2hib - ok

19:35:02.0796 2416        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

19:35:02.0812 2416        PlugPlay - ok

19:35:02.0828 2416        PnkBstrA        (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe

19:35:02.0843 2416        PnkBstrA - ok

19:35:02.0859 2416        PnkBstrB        (e24106a5eaecddff00b25497049dd65f) C:\WINDOWS\system32\PnkBstrB.exe

19:35:02.0875 2416        PnkBstrB - ok

19:35:02.0906 2416        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:35:03.0015 2416        PolicyAgent - ok

19:35:03.0031 2416        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:35:03.0156 2416        PptpMiniport - ok

19:35:03.0187 2416        PRISM_A02       (7796947d857d87491c78afad014a855a) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys

19:35:03.0218 2416        PRISM_A02 ( UnsignedFile.Multi.Generic ) - warning

19:35:03.0218 2416        PRISM_A02 - detected UnsignedFile.Multi.Generic (1)

19:35:03.0218 2416        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:35:03.0343 2416        ProtectedStorage - ok

19:35:03.0375 2416        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:35:03.0500 2416        Ptilink - ok

19:35:03.0515 2416        ql1080 - ok

19:35:03.0515 2416        Ql10wnt - ok

19:35:03.0515 2416        ql12160 - ok

19:35:03.0531 2416        ql1240 - ok

19:35:03.0531 2416        ql1280 - ok

19:35:03.0562 2416        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:35:03.0687 2416        RasAcd - ok

19:35:03.0703 2416        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

19:35:03.0843 2416        RasAuto - ok

19:35:03.0875 2416        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:35:04.0000 2416        Rasl2tp - ok

19:35:04.0015 2416        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

19:35:04.0156 2416        RasMan - ok

19:35:04.0171 2416        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:35:04.0296 2416        RasPppoe - ok

19:35:04.0312 2416        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:35:04.0437 2416        Raspti - ok

19:35:04.0468 2416        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:35:04.0593 2416        Rdbss - ok

19:35:04.0609 2416        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:35:04.0718 2416        RDPCDD - ok

19:35:04.0765 2416        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

19:35:04.0906 2416        rdpdr - ok

19:35:04.0937 2416        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

19:35:04.0968 2416        RDPWD - ok

19:35:04.0984 2416        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

19:35:05.0125 2416        RDSessMgr - ok

19:35:05.0156 2416        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

19:35:05.0281 2416        redbook - ok

19:35:05.0296 2416        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

19:35:05.0421 2416        RemoteAccess - ok

19:35:05.0453 2416        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll

19:35:05.0578 2416        RemoteRegistry - ok

19:35:05.0593 2416        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

19:35:05.0718 2416        RpcLocator - ok

19:35:05.0765 2416        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll

19:35:05.0796 2416        RpcSs - ok

19:35:05.0812 2416        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

19:35:05.0937 2416        RSVP - ok

19:35:05.0968 2416        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

19:35:06.0078 2416        SamSs - ok

19:35:06.0140 2416        SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

19:35:06.0156 2416        SASDIFSV - ok

19:35:06.0171 2416        SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

19:35:06.0171 2416        SASKUTIL - ok

19:35:06.0203 2416        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

19:35:06.0328 2416        SCardSvr - ok

19:35:06.0359 2416        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

19:35:06.0500 2416        Schedule - ok

19:35:06.0515 2416        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:35:06.0625 2416        Secdrv - ok

19:35:06.0656 2416        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

19:35:06.0781 2416        seclogon - ok

19:35:06.0796 2416        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

19:35:06.0921 2416        SENS - ok

19:35:06.0937 2416        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

19:35:07.0062 2416        serenum - ok

19:35:07.0062 2416        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

19:35:07.0187 2416        Serial - ok

19:35:07.0218 2416        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

19:35:07.0328 2416        Sfloppy - ok

19:35:07.0375 2416        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

19:35:07.0515 2416        SharedAccess - ok

19:35:07.0546 2416        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:35:07.0562 2416        ShellHWDetection - ok

19:35:07.0562 2416        Simbad - ok

19:35:07.0578 2416        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

19:35:07.0703 2416        SLIP - ok

19:35:07.0718 2416        Sparrow - ok

19:35:07.0734 2416        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

19:35:07.0859 2416        splitter - ok

19:35:07.0890 2416        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

19:35:07.0921 2416        Spooler - ok

19:35:07.0937 2416        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

19:35:08.0062 2416        sr - ok

19:35:08.0078 2416        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

19:35:08.0218 2416        srservice - ok

19:35:08.0265 2416        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

19:35:08.0296 2416        Srv - ok

19:35:08.0312 2416        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

19:35:08.0437 2416        SSDPSRV - ok

19:35:08.0453 2416        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

19:35:08.0468 2416        ssmdrv - ok

19:35:08.0500 2416        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

19:35:08.0656 2416        stisvc - ok

19:35:08.0687 2416        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

19:35:08.0812 2416        streamip - ok

19:35:08.0828 2416        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:35:08.0953 2416        swenum - ok

19:35:08.0968 2416        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

19:35:09.0093 2416        swmidi - ok

19:35:09.0093 2416        SwPrv - ok

19:35:09.0109 2416        symc810 - ok

19:35:09.0109 2416        symc8xx - ok

19:35:09.0109 2416        sym_hi - ok

19:35:09.0125 2416        sym_u3 - ok

19:35:09.0140 2416        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

19:35:09.0265 2416        sysaudio - ok

19:35:09.0296 2416        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

19:35:09.0421 2416        SysmonLog - ok

19:35:09.0453 2416        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

19:35:09.0578 2416        TapiSrv - ok

19:35:09.0609 2416        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:35:09.0640 2416        Tcpip - ok

19:35:09.0656 2416        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:35:09.0781 2416        TDPIPE - ok

19:35:09.0796 2416        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

19:35:09.0906 2416        TDTCP - ok

19:35:09.0937 2416        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:35:10.0062 2416        TermDD - ok

19:35:10.0093 2416        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

19:35:10.0250 2416        TermService - ok

19:35:10.0281 2416        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

19:35:10.0296 2416        Themes - ok

19:35:10.0312 2416        TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe

19:35:10.0453 2416        TlntSvr - ok

19:35:10.0453 2416        TosIde - ok

19:35:10.0468 2416        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

19:35:10.0609 2416        TrkWks - ok

19:35:10.0640 2416        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

19:35:10.0750 2416        Udfs - ok

19:35:10.0765 2416        ultra - ok

19:35:10.0796 2416        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

19:35:10.0953 2416        Update - ok

19:35:10.0968 2416        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

19:35:11.0109 2416        upnphost - ok

19:35:11.0125 2416        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

19:35:11.0250 2416        UPS - ok

19:35:11.0265 2416        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:35:11.0390 2416        usbccgp - ok

19:35:11.0406 2416        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:35:11.0531 2416        usbehci - ok

19:35:11.0546 2416        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:35:11.0671 2416        usbhub - ok

19:35:11.0687 2416        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:35:11.0812 2416        usbprint - ok

19:35:11.0828 2416        usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:35:11.0937 2416        usbstor - ok

19:35:11.0953 2416        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:35:12.0062 2416        usbuhci - ok

19:35:12.0093 2416        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

19:35:12.0218 2416        VgaSave - ok

19:35:12.0218 2416        ViaIde - ok

19:35:12.0234 2416        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

19:35:12.0359 2416        VolSnap - ok

19:35:12.0390 2416        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

19:35:12.0531 2416        VSS - ok

19:35:12.0562 2416        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

19:35:12.0687 2416        W32Time - ok

19:35:12.0703 2416        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:35:12.0843 2416        Wanarp - ok

19:35:12.0843 2416        WDICA - ok

19:35:12.0859 2416        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

19:35:13.0000 2416        wdmaud - ok

19:35:13.0015 2416        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

19:35:13.0140 2416        WebClient - ok

19:35:13.0187 2416        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

19:35:13.0312 2416        winmgmt - ok

19:35:13.0343 2416        WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll

19:35:13.0468 2416        WmdmPmSN - ok

19:35:13.0531 2416        Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll

19:35:13.0578 2416        Wmi - ok

19:35:13.0609 2416        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

19:35:13.0734 2416        WmiApSrv - ok

19:35:13.0765 2416        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

19:35:13.0906 2416        wscsvc - ok

19:35:13.0921 2416        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

19:35:14.0046 2416        WSTCODEC - ok

19:35:14.0062 2416        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

19:35:14.0187 2416        wuauserv - ok

19:35:14.0234 2416        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

19:35:14.0375 2416        WZCSVC - ok

19:35:14.0390 2416        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

19:35:14.0562 2416        xmlprov - ok

19:35:14.0593 2416        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

19:35:15.0015 2416        \Device\Harddisk0\DR0 ( TDSS File System ) - warning

19:35:15.0015 2416        \Device\Harddisk0\DR0 - detected TDSS File System (1)

19:35:15.0031 2416        MBR (0x1B8)     (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1

19:35:15.0078 2416        \Device\Harddisk1\DR1 - ok

19:35:15.0078 2416        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR8

19:35:18.0437 2416        \Device\Harddisk5\DR8 - ok

19:35:18.0437 2416        MBR (0x1B8)     (b8ca217c4021c23ac709d6e6bcbb9e20) \Device\Harddisk6\DR9

19:35:18.0625 2416        \Device\Harddisk6\DR9 - ok

19:35:18.0625 2416        Boot (0x1200)   (31117e3f4421da04e2209c1d80988f85) \Device\Harddisk0\DR0\Partition0

19:35:18.0625 2416        \Device\Harddisk0\DR0\Partition0 - ok

19:35:18.0640 2416        Boot (0x1200)   (f48f14286da8b8c7be68936e9087a8e0) \Device\Harddisk0\DR0\Partition1

19:35:18.0640 2416        \Device\Harddisk0\DR0\Partition1 - ok

19:35:18.0640 2416        Boot (0x1200)   (4eb6a976af183366c444a09981d648e4) \Device\Harddisk1\DR1\Partition0

19:35:18.0640 2416        \Device\Harddisk1\DR1\Partition0 - ok

19:35:18.0656 2416        Boot (0x1200)   (87a0eb4ead04758e9eef1ae99037f53c) \Device\Harddisk5\DR8\Partition0

19:35:18.0656 2416        \Device\Harddisk5\DR8\Partition0 - ok

19:35:18.0656 2416        ============================================================

19:35:18.0656 2416        Scan finished

19:35:18.0656 2416        ============================================================

19:35:18.0765 3224        Detected object count: 5

19:35:18.0765 3224        Actual detected object count: 5

19:35:36.0046 3224        DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:36.0046 3224        DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:35:36.0046 3224        ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:36.0046 3224        ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:35:36.0046 3224        PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:36.0046 3224        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:35:36.0046 3224        PRISM_A02 ( UnsignedFile.Multi.Generic ) - skipped by user

19:35:36.0046 3224        PRISM_A02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:35:36.0046 3224        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

19:35:36.0046 3224        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Zitat:

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Das TDSS File System bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

Code:

15:16:02.0125 3548        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

15:16:02.0328 3548        ============================================================

15:16:02.0328 3548        Current date / time: 2012/06/06 15:16:02.0328

15:16:02.0328 3548        SystemInfo:

15:16:02.0328 3548        

15:16:02.0328 3548        OS Version: 5.1.2600 ServicePack: 3.0

15:16:02.0328 3548        Product type: Workstation

15:16:02.0328 3548        ComputerName: PC-LUENDORF

15:16:02.0328 3548        UserName: Administrator

15:16:02.0328 3548        Windows directory: C:\WINDOWS

15:16:02.0328 3548        System windows directory: C:\WINDOWS

15:16:02.0328 3548        Processor architecture: Intel x86

15:16:02.0328 3548        Number of processors: 2

15:16:02.0328 3548        Page size: 0x1000

15:16:02.0328 3548        Boot type: Normal boot

15:16:02.0328 3548        ============================================================

15:16:04.0265 3548        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:16:04.0281 3548        Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:16:04.0296 3548        Drive \Device\Harddisk5\DR8 - Size: 0xF3000000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

15:16:04.0296 3548        ============================================================

15:16:04.0296 3548        \Device\Harddisk0\DR0:

15:16:04.0296 3548        MBR partitions:

15:16:04.0296 3548        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1

15:16:04.0312 3548        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF7E8D1

15:16:04.0312 3548        \Device\Harddisk1\DR1:

15:16:04.0312 3548        MBR partitions:

15:16:04.0312 3548        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82

15:16:04.0312 3548        \Device\Harddisk5\DR8:

15:16:04.0312 3548        MBR partitions:

15:16:04.0312 3548        \Device\Harddisk5\DR8\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x797FD0

15:16:04.0312 3548        ============================================================

15:16:04.0343 3548        C: <-> \Device\Harddisk0\DR0\Partition0

15:16:04.0359 3548        D: <-> \Device\Harddisk1\DR1\Partition0

15:16:04.0390 3548        E: <-> \Device\Harddisk0\DR0\Partition1

15:16:04.0390 3548        ============================================================

15:16:04.0390 3548        Initialize success

15:16:04.0390 3548        ============================================================

15:16:12.0140 3448        ============================================================

15:16:12.0140 3448        Scan started

15:16:12.0140 3448        Mode: Manual; SigCheck; TDLFS; 

15:16:12.0140 3448        ============================================================

15:16:14.0359 3448        Abiosdsk - ok

15:16:14.0359 3448        abp480n5 - ok

15:16:14.0390 3448        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:16:15.0796 3448        ACPI - ok

15:16:15.0812 3448        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:16:15.0953 3448        ACPIEC - ok

15:16:15.0968 3448        adpu160m - ok

15:16:15.0984 3448        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:16:16.0140 3448        aec - ok

15:16:16.0171 3448        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:16:16.0218 3448        AFD - ok

15:16:16.0218 3448        Aha154x - ok

15:16:16.0218 3448        aic78u2 - ok

15:16:16.0218 3448        aic78xx - ok

15:16:16.0250 3448        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

15:16:16.0390 3448        Alerter - ok

15:16:16.0406 3448        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

15:16:16.0531 3448        ALG - ok

15:16:16.0531 3448        AliIde - ok

15:16:16.0531 3448        amsint - ok

15:16:16.0609 3448        AntiVirSchedulerService (9828ffe47fbeb08b509a7717e4f77cc7) C:\Programme\Avira\AntiVir Desktop\sched.exe

15:16:16.0625 3448        AntiVirSchedulerService - ok

15:16:16.0640 3448        AntiVirService  (bbc02905032d453c0e18d5110f841902) C:\Programme\Avira\AntiVir Desktop\avguard.exe

15:16:16.0656 3448        AntiVirService - ok

15:16:16.0687 3448        AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll

15:16:16.0828 3448        AppMgmt - ok

15:16:16.0843 3448        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:16:16.0984 3448        Arp1394 - ok

15:16:16.0984 3448        asc - ok

15:16:16.0984 3448        asc3350p - ok

15:16:17.0000 3448        asc3550 - ok

15:16:17.0078 3448        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

15:16:17.0093 3448        aspnet_state - ok

15:16:17.0109 3448        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:16:17.0234 3448        AsyncMac - ok

15:16:17.0250 3448        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:16:17.0390 3448        atapi - ok

15:16:17.0390 3448        Atdisk - ok

15:16:17.0437 3448        Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe

15:16:17.0500 3448        Ati HotKey Poller - ok

15:16:17.0578 3448        ati2mtag        (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

15:16:17.0656 3448        ati2mtag - ok

15:16:17.0718 3448        ATIAVAIW        (632fd762fa5183fabc01687a4cd357b8) C:\WINDOWS\system32\DRIVERS\atinavt2.sys

15:16:17.0750 3448        ATIAVAIW - ok

15:16:17.0781 3448        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:16:17.0921 3448        Atmarpc - ok

15:16:17.0937 3448        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

15:16:18.0078 3448        AudioSrv - ok

15:16:18.0093 3448        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:16:18.0234 3448        audstub - ok

15:16:18.0296 3448        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys

15:16:18.0312 3448        avgio - ok

15:16:18.0343 3448        avgntflt        (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

15:16:18.0453 3448        avgntflt - ok

15:16:18.0484 3448        avipbb          (524b9e78e396c00968c5629ed5bbfab0) C:\WINDOWS\system32\DRIVERS\avipbb.sys

15:16:18.0500 3448        avipbb - ok

15:16:18.0515 3448        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:16:18.0656 3448        Beep - ok

15:16:18.0687 3448        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

15:16:18.0859 3448        BITS - ok

15:16:18.0890 3448        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

15:16:19.0031 3448        Browser - ok

15:16:19.0093 3448        catchme - ok

15:16:19.0109 3448        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:16:19.0250 3448        cbidf2k - ok

15:16:19.0265 3448        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:16:19.0406 3448        CCDECODE - ok

15:16:19.0406 3448        cd20xrnt - ok

15:16:19.0421 3448        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:16:19.0562 3448        Cdaudio - ok

15:16:19.0578 3448        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:16:19.0734 3448        Cdfs - ok

15:16:19.0750 3448        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:16:19.0890 3448        Cdrom - ok

15:16:19.0890 3448        Changer - ok

15:16:19.0921 3448        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

15:16:20.0078 3448        CiSvc - ok

15:16:20.0078 3448        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

15:16:20.0218 3448        ClipSrv - ok

15:16:20.0281 3448        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:16:20.0296 3448        clr_optimization_v2.0.50727_32 - ok

15:16:20.0296 3448        CmdIde - ok

15:16:20.0296 3448        COMSysApp - ok

15:16:20.0312 3448        Cpqarray - ok

15:16:20.0343 3448        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

15:16:20.0484 3448        CryptSvc - ok

15:16:20.0484 3448        dac2w2k - ok

15:16:20.0484 3448        dac960nt - ok

15:16:20.0531 3448        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

15:16:20.0593 3448        DcomLaunch - ok

15:16:20.0625 3448        DgiVecp         (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys

15:16:20.0640 3448        DgiVecp ( UnsignedFile.Multi.Generic ) - warning

15:16:20.0640 3448        DgiVecp - detected UnsignedFile.Multi.Generic (1)

15:16:20.0656 3448        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

15:16:20.0796 3448        Dhcp - ok

15:16:20.0828 3448        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:16:20.0953 3448        Disk - ok

15:16:20.0953 3448        dmadmin - ok

15:16:21.0000 3448        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

15:16:21.0171 3448        dmboot - ok

15:16:21.0203 3448        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

15:16:21.0359 3448        dmio - ok

15:16:21.0359 3448        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:16:21.0484 3448        dmload - ok

15:16:21.0500 3448        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

15:16:21.0640 3448        dmserver - ok

15:16:21.0671 3448        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:16:21.0796 3448        DMusic - ok

15:16:21.0828 3448        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

15:16:21.0875 3448        Dnscache - ok

15:16:21.0906 3448        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

15:16:22.0046 3448        Dot3svc - ok

15:16:22.0046 3448        dpti2o - ok

15:16:22.0062 3448        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:16:22.0203 3448        drmkaud - ok

15:16:22.0218 3448        E100B           (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys

15:16:22.0281 3448        E100B - ok

15:16:22.0296 3448        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

15:16:22.0421 3448        EapHost - ok

15:16:22.0437 3448        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

15:16:22.0593 3448        ERSvc - ok

15:16:22.0609 3448        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

15:16:22.0640 3448        Eventlog - ok

15:16:22.0671 3448        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

15:16:22.0703 3448        EventSystem - ok

15:16:22.0734 3448        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:16:22.0859 3448        Fastfat - ok

15:16:22.0890 3448        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

15:16:22.0937 3448        FastUserSwitchingCompatibility - ok

15:16:22.0953 3448        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:16:23.0078 3448        Fdc - ok

15:16:23.0093 3448        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

15:16:23.0218 3448        Fips - ok

15:16:23.0234 3448        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

15:16:23.0359 3448        Flpydisk - ok

15:16:23.0375 3448        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:16:23.0500 3448        FltMgr - ok

15:16:23.0578 3448        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:16:23.0593 3448        FontCache3.0.0.0 - ok

15:16:23.0609 3448        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:16:23.0734 3448        Fs_Rec - ok

15:16:23.0750 3448        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:16:23.0890 3448        Ftdisk - ok

15:16:23.0921 3448        ftsata2         (65b50b303ff74a5517117ba3d25dbe7f) C:\WINDOWS\system32\drivers\ftsata2.sys

15:16:23.0953 3448        ftsata2 ( UnsignedFile.Multi.Generic ) - warning

15:16:23.0953 3448        ftsata2 - detected UnsignedFile.Multi.Generic (1)

15:16:24.0000 3448        GarenaPEngine - ok

15:16:24.0031 3448        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:16:24.0156 3448        Gpc - ok

15:16:24.0187 3448        HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys

15:16:24.0218 3448        HdAudAddService - ok

15:16:24.0250 3448        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:16:24.0375 3448        HDAudBus - ok

15:16:24.0421 3448        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:16:24.0546 3448        helpsvc - ok

15:16:24.0546 3448        HidServ - ok

15:16:24.0562 3448        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:16:24.0687 3448        HidUsb - ok

15:16:24.0718 3448        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

15:16:24.0843 3448        hkmsvc - ok

15:16:24.0843 3448        hpn - ok

15:16:24.0875 3448        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:16:24.0921 3448        HTTP - ok

15:16:24.0937 3448        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

15:16:25.0078 3448        HTTPFilter - ok

15:16:25.0078 3448        i2omgmt - ok

15:16:25.0078 3448        i2omp - ok

15:16:25.0109 3448        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:16:25.0250 3448        i8042prt - ok

15:16:25.0296 3448        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:16:25.0359 3448        idsvc - ok

15:16:25.0390 3448        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:16:25.0515 3448        Imapi - ok

15:16:25.0546 3448        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

15:16:25.0671 3448        ImapiService - ok

15:16:25.0687 3448        ini910u - ok

15:16:25.0687 3448        IntelIde - ok

15:16:25.0718 3448        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:16:25.0859 3448        intelppm - ok

15:16:25.0875 3448        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:16:25.0984 3448        Ip6Fw - ok

15:16:26.0015 3448        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:16:26.0140 3448        IpFilterDriver - ok

15:16:26.0156 3448        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:16:26.0281 3448        IpInIp - ok

15:16:26.0312 3448        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:16:26.0453 3448        IpNat - ok

15:16:26.0484 3448        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:16:26.0609 3448        IPSec - ok

15:16:26.0625 3448        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:16:26.0750 3448        IRENUM - ok

15:16:26.0765 3448        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:16:26.0890 3448        isapnp - ok

15:16:26.0968 3448        JavaQuickStarterService (e4ae0cbc0b55a5faa6996e38ce6c981b) C:\Programme\Java\jre6\bin\jqs.exe

15:16:26.0984 3448        JavaQuickStarterService - ok

15:16:27.0000 3448        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:16:27.0140 3448        Kbdclass - ok

15:16:27.0156 3448        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:16:27.0312 3448        kmixer - ok

15:16:27.0328 3448        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:16:27.0390 3448        KSecDD - ok

15:16:27.0421 3448        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

15:16:27.0468 3448        lanmanserver - ok

15:16:27.0500 3448        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

15:16:27.0546 3448        lanmanworkstation - ok

15:16:27.0546 3448        lbrtfdc - ok

15:16:27.0593 3448        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

15:16:27.0718 3448        LmHosts - ok

15:16:27.0734 3448        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

15:16:27.0859 3448        Messenger - ok

15:16:27.0890 3448        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:16:28.0000 3448        mnmdd - ok

15:16:28.0031 3448        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

15:16:28.0171 3448        mnmsrvc - ok

15:16:28.0171 3448        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

15:16:28.0312 3448        Modem - ok

15:16:28.0328 3448        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:16:28.0453 3448        Mouclass - ok

15:16:28.0484 3448        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:16:28.0609 3448        mouhid - ok

15:16:28.0625 3448        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:16:28.0734 3448        MountMgr - ok

15:16:28.0750 3448        MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

15:16:28.0890 3448        MPE - ok

15:16:28.0890 3448        mraid35x - ok

15:16:28.0906 3448        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:16:29.0046 3448        MRxDAV - ok

15:16:29.0093 3448        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:16:29.0140 3448        MRxSmb - ok

15:16:29.0171 3448        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

15:16:29.0281 3448        MSDTC - ok

15:16:29.0296 3448        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:16:29.0421 3448        Msfs - ok

15:16:29.0421 3448        MSIServer - ok

15:16:29.0453 3448        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:16:29.0578 3448        MSKSSRV - ok

15:16:29.0593 3448        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:16:29.0718 3448        MSPCLOCK - ok

15:16:29.0734 3448        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:16:29.0859 3448        MSPQM - ok

15:16:29.0875 3448        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:16:30.0000 3448        mssmbios - ok

15:16:30.0015 3448        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

15:16:30.0140 3448        MSTEE - ok

15:16:30.0171 3448        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:16:30.0218 3448        Mup - ok

15:16:30.0234 3448        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

15:16:30.0375 3448        NABTSFEC - ok

15:16:30.0406 3448        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

15:16:30.0546 3448        napagent - ok

15:16:30.0562 3448        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:16:30.0703 3448        NDIS - ok

15:16:30.0718 3448        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

15:16:30.0843 3448        NdisIP - ok

15:16:30.0875 3448        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:16:30.0921 3448        NdisTapi - ok

15:16:30.0937 3448        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:16:31.0062 3448        Ndisuio - ok

15:16:31.0078 3448        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:16:31.0203 3448        NdisWan - ok

15:16:31.0234 3448        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:16:31.0265 3448        NDProxy - ok

15:16:31.0296 3448        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:16:31.0421 3448        NetBIOS - ok

15:16:31.0453 3448        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:16:31.0578 3448        NetBT - ok

15:16:31.0609 3448        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

15:16:31.0750 3448        NetDDE - ok

15:16:31.0750 3448        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

15:16:31.0875 3448        NetDDEdsdm - ok

15:16:31.0890 3448        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

15:16:32.0015 3448        Netlogon - ok

15:16:32.0046 3448        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

15:16:32.0171 3448        Netman - ok

15:16:32.0281 3448        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:16:32.0296 3448        NetTcpPortSharing - ok

15:16:32.0312 3448        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:16:32.0437 3448        NIC1394 - ok

15:16:32.0468 3448        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

15:16:32.0500 3448        Nla - ok

15:16:32.0531 3448        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:16:32.0656 3448        Npfs - ok

15:16:32.0687 3448        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:16:32.0828 3448        Ntfs - ok

15:16:32.0828 3448        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

15:16:32.0953 3448        NtLmSsp - ok

15:16:33.0000 3448        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

15:16:33.0156 3448        NtmsSvc - ok

15:16:33.0171 3448        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:16:33.0281 3448        Null - ok

15:16:33.0312 3448        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:16:33.0437 3448        NwlnkFlt - ok

15:16:33.0453 3448        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:16:33.0578 3448        NwlnkFwd - ok

15:16:33.0593 3448        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:16:33.0718 3448        ohci1394 - ok

15:16:33.0765 3448        ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

15:16:33.0781 3448        ose - ok

15:16:33.0812 3448        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

15:16:33.0937 3448        Parport - ok

15:16:33.0937 3448        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:16:34.0062 3448        PartMgr - ok

15:16:34.0078 3448        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

15:16:34.0218 3448        ParVdm - ok

15:16:34.0234 3448        PCANDIS5        (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS

15:16:34.0250 3448        PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning

15:16:34.0250 3448        PCANDIS5 - detected UnsignedFile.Multi.Generic (1)

15:16:34.0281 3448        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

15:16:34.0390 3448        PCI - ok

15:16:34.0406 3448        PCIDump - ok

15:16:34.0406 3448        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:16:34.0531 3448        PCIIde - ok

15:16:34.0562 3448        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:16:34.0703 3448        Pcmcia - ok

15:16:34.0703 3448        PDCOMP - ok

15:16:34.0703 3448        PDFRAME - ok

15:16:34.0718 3448        PDRELI - ok

15:16:34.0718 3448        PDRFRAME - ok

15:16:34.0718 3448        perc2 - ok

15:16:34.0734 3448        perc2hib - ok

15:16:34.0765 3448        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

15:16:34.0781 3448        PlugPlay - ok

15:16:34.0812 3448        PnkBstrA        (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe

15:16:34.0828 3448        PnkBstrA - ok

15:16:34.0843 3448        PnkBstrB        (e24106a5eaecddff00b25497049dd65f) C:\WINDOWS\system32\PnkBstrB.exe

15:16:34.0859 3448        PnkBstrB - ok

15:16:34.0875 3448        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

15:16:34.0984 3448        PolicyAgent - ok

15:16:35.0000 3448        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:16:35.0125 3448        PptpMiniport - ok

15:16:35.0156 3448        PRISM_A02       (7796947d857d87491c78afad014a855a) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys

15:16:35.0187 3448        PRISM_A02 ( UnsignedFile.Multi.Generic ) - warning

15:16:35.0187 3448        PRISM_A02 - detected UnsignedFile.Multi.Generic (1)

15:16:35.0187 3448        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

15:16:35.0296 3448        ProtectedStorage - ok

15:16:35.0328 3448        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:16:35.0453 3448        Ptilink - ok

15:16:35.0453 3448        ql1080 - ok

15:16:35.0453 3448        Ql10wnt - ok

15:16:35.0468 3448        ql12160 - ok

15:16:35.0468 3448        ql1240 - ok

15:16:35.0468 3448        ql1280 - ok

15:16:35.0500 3448        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:16:35.0625 3448        RasAcd - ok

15:16:35.0640 3448        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

15:16:35.0781 3448        RasAuto - ok

15:16:35.0796 3448        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:16:35.0921 3448        Rasl2tp - ok

15:16:35.0953 3448        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

15:16:36.0078 3448        RasMan - ok

15:16:36.0093 3448        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:16:36.0218 3448        RasPppoe - ok

15:16:36.0234 3448        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:16:36.0359 3448        Raspti - ok

15:16:36.0390 3448        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:16:36.0515 3448        Rdbss - ok

15:16:36.0531 3448        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:16:36.0640 3448        RDPCDD - ok

15:16:36.0671 3448        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:16:36.0796 3448        rdpdr - ok

15:16:36.0843 3448        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

15:16:36.0890 3448        RDPWD - ok

15:16:36.0906 3448        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

15:16:37.0046 3448        RDSessMgr - ok

15:16:37.0078 3448        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:16:37.0203 3448        redbook - ok

15:16:37.0218 3448        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

15:16:37.0343 3448        RemoteAccess - ok

15:16:37.0375 3448        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll

15:16:37.0500 3448        RemoteRegistry - ok

15:16:37.0515 3448        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

15:16:37.0640 3448        RpcLocator - ok

15:16:37.0687 3448        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll

15:16:37.0718 3448        RpcSs - ok

15:16:37.0734 3448        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

15:16:37.0859 3448        RSVP - ok

15:16:37.0890 3448        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

15:16:38.0015 3448        SamSs - ok

15:16:38.0078 3448        SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

15:16:38.0093 3448        SASDIFSV - ok

15:16:38.0109 3448        SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

15:16:38.0109 3448        SASKUTIL - ok

15:16:38.0140 3448        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

15:16:38.0265 3448        SCardSvr - ok

15:16:38.0296 3448        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

15:16:38.0421 3448        Schedule - ok

15:16:38.0468 3448        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:16:38.0578 3448        Secdrv - ok

15:16:38.0593 3448        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

15:16:38.0718 3448        seclogon - ok

15:16:38.0734 3448        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

15:16:38.0875 3448        SENS - ok

15:16:38.0890 3448        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:16:39.0000 3448        serenum - ok

15:16:39.0015 3448        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

15:16:39.0140 3448        Serial - ok

15:16:39.0156 3448        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:16:39.0281 3448        Sfloppy - ok

15:16:39.0312 3448        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

15:16:39.0453 3448        SharedAccess - ok

15:16:39.0484 3448        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

15:16:39.0500 3448        ShellHWDetection - ok

15:16:39.0500 3448        Simbad - ok

15:16:39.0515 3448        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

15:16:39.0640 3448        SLIP - ok

15:16:39.0640 3448        Sparrow - ok

15:16:39.0671 3448        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:16:39.0796 3448        splitter - ok

15:16:39.0812 3448        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:16:39.0859 3448        Spooler - ok

15:16:39.0875 3448        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

15:16:40.0000 3448        sr - ok

15:16:40.0015 3448        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

15:16:40.0156 3448        srservice - ok

15:16:40.0203 3448        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:16:40.0234 3448        Srv - ok

15:16:40.0250 3448        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

15:16:40.0390 3448        SSDPSRV - ok

15:16:40.0406 3448        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

15:16:40.0406 3448        ssmdrv - ok

15:16:40.0437 3448        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

15:16:40.0593 3448        stisvc - ok

15:16:40.0609 3448        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:16:40.0734 3448        streamip - ok

15:16:40.0750 3448        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:16:40.0875 3448        swenum - ok

15:16:40.0890 3448        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:16:41.0015 3448        swmidi - ok

15:16:41.0015 3448        SwPrv - ok

15:16:41.0015 3448        symc810 - ok

15:16:41.0031 3448        symc8xx - ok

15:16:41.0031 3448        sym_hi - ok

15:16:41.0031 3448        sym_u3 - ok

15:16:41.0046 3448        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:16:41.0187 3448        sysaudio - ok

15:16:41.0203 3448        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

15:16:41.0328 3448        SysmonLog - ok

15:16:41.0359 3448        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

15:16:41.0484 3448        TapiSrv - ok

15:16:41.0531 3448        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:16:41.0562 3448        Tcpip - ok

15:16:41.0578 3448        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:16:41.0703 3448        TDPIPE - ok

15:16:41.0703 3448        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:16:41.0828 3448        TDTCP - ok

15:16:41.0843 3448        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:16:41.0953 3448        TermDD - ok

15:16:42.0000 3448        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

15:16:42.0140 3448        TermService - ok

15:16:42.0156 3448        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

15:16:42.0171 3448        Themes - ok

15:16:42.0203 3448        TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe

15:16:42.0328 3448        TlntSvr - ok

15:16:42.0328 3448        TosIde - ok

15:16:42.0343 3448        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

15:16:42.0484 3448        TrkWks - ok

15:16:42.0500 3448        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:16:42.0625 3448        Udfs - ok

15:16:42.0640 3448        ultra - ok

15:16:42.0671 3448        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:16:42.0812 3448        Update - ok

15:16:42.0843 3448        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

15:16:42.0968 3448        upnphost - ok

15:16:42.0984 3448        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

15:16:43.0109 3448        UPS - ok

15:16:43.0140 3448        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:16:43.0250 3448        usbccgp - ok

15:16:43.0265 3448        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:16:43.0390 3448        usbehci - ok

15:16:43.0406 3448        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:16:43.0531 3448        usbhub - ok

15:16:43.0546 3448        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:16:43.0671 3448        usbprint - ok

15:16:43.0687 3448        usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:16:43.0796 3448        usbstor - ok

15:16:43.0812 3448        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:16:43.0921 3448        usbuhci - ok

15:16:43.0953 3448        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:16:44.0078 3448        VgaSave - ok

15:16:44.0078 3448        ViaIde - ok

15:16:44.0093 3448        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

15:16:44.0218 3448        VolSnap - ok

15:16:44.0250 3448        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

15:16:44.0390 3448        VSS - ok

15:16:44.0406 3448        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

15:16:44.0546 3448        W32Time - ok

15:16:44.0562 3448        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:16:44.0687 3448        Wanarp - ok

15:16:44.0703 3448        WDICA - ok

15:16:44.0718 3448        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:16:44.0843 3448        wdmaud - ok

15:16:44.0859 3448        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

15:16:45.0000 3448        WebClient - ok

15:16:45.0046 3448        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:16:45.0171 3448        winmgmt - ok

15:16:45.0203 3448        WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll

15:16:45.0328 3448        WmdmPmSN - ok

15:16:45.0375 3448        Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll

15:16:45.0421 3448        Wmi - ok

15:16:45.0484 3448        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

15:16:45.0593 3448        WmiApSrv - ok

15:16:45.0625 3448        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

15:16:45.0765 3448        wscsvc - ok

15:16:45.0781 3448        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:16:45.0906 3448        WSTCODEC - ok

15:16:45.0921 3448        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

15:16:46.0046 3448        wuauserv - ok

15:16:46.0078 3448        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

15:16:46.0218 3448        WZCSVC - ok

15:16:46.0234 3448        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

15:16:46.0406 3448        xmlprov - ok

15:16:46.0437 3448        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:16:46.0937 3448        \Device\Harddisk0\DR0 - ok

15:16:46.0953 3448        MBR (0x1B8)     (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1

15:16:47.0000 3448        \Device\Harddisk1\DR1 - ok

15:16:47.0000 3448        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR8

15:16:50.0390 3448        \Device\Harddisk5\DR8 - ok

15:16:50.0406 3448        Boot (0x1200)   (31117e3f4421da04e2209c1d80988f85) \Device\Harddisk0\DR0\Partition0

15:16:50.0406 3448        \Device\Harddisk0\DR0\Partition0 - ok

15:16:50.0406 3448        Boot (0x1200)   (f48f14286da8b8c7be68936e9087a8e0) \Device\Harddisk0\DR0\Partition1

15:16:50.0406 3448        \Device\Harddisk0\DR0\Partition1 - ok

15:16:50.0421 3448        Boot (0x1200)   (4eb6a976af183366c444a09981d648e4) \Device\Harddisk1\DR1\Partition0

15:16:50.0421 3448        \Device\Harddisk1\DR1\Partition0 - ok

15:16:50.0421 3448        Boot (0x1200)   (87a0eb4ead04758e9eef1ae99037f53c) \Device\Harddisk5\DR8\Partition0

15:16:50.0421 3448        \Device\Harddisk5\DR8\Partition0 - ok

15:16:50.0421 3448        ============================================================

15:16:50.0421 3448        Scan finished

15:16:50.0421 3448        ============================================================

15:16:50.0531 3576        Detected object count: 4

15:16:50.0531 3576        Actual detected object count: 4

15:29:36.0812 3576        DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

15:29:36.0812 3576        DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:29:36.0812 3576        ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user

15:29:36.0812 3576        ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:29:36.0812 3576        PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

15:29:36.0812 3576        PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:29:36.0812 3576        PRISM_A02 ( UnsignedFile.Multi.Generic ) - skipped by user

15:29:36.0812 3576        PRISM_A02 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-06-07.03 - Administrator 07.06.2012  18:16:43.6.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1599 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\Administrator\4.0

c:\programme\xp-AntiSpy

c:\programme\xp-AntiSpy\Uninstall.exe

c:\programme\xp-AntiSpy\xp-AntiSpy.chm

c:\programme\xp-AntiSpy\xp-AntiSpy.exe

c:\programme\xp-AntiSpy\xp-AntiSpy.url

c:\programme\xp-AntiSpy\xp-AntiSpy_3.9.3.exe

c:\windows\e.bat

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\s.bat

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\empty.exe

c:\windows\system32\remover.exe

c:\windows\system32\tooldownloadreadme.htm

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-07 bis 2012-06-07  ))))))))))))))))))))))))))))))

.

.

2012-06-03 12:37 . 2012-06-03 12:37        --------        d-----w-        c:\programme\Dropbox

2012-06-03 12:26 . 2012-06-03 12:26        --------        d-----w-        C:\TDSSKiller_Quarantine

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2002-12-31 12:00        604160        ----a-w-        c:\windows\system32\crypt32.dll

2012-05-06 16:48 . 2012-05-06 16:48        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-05-06 16:48 . 2011-08-24 11:40        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 13:51 . 2004-08-04 00:50        2029056        ------w-        c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:51 . 2002-12-31 12:00        2150912        ------w-        c:\windows\system32\ntoskrnl.exe

2012-04-11 13:51 . 2002-12-31 12:00        1862400        ----a-w-        c:\windows\system32\win32k.sys

2012-04-04 13:56 . 2009-08-20 13:43        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17        94208        ----a-w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-28 2424560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-06-28 98304]

.

c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21        548352        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"=

"c:\\Programme\\The Creative Assembly\\Rome - Total War\\RomeTW-BI.exe"=

"c:\\Dokumente und Einstellungen\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Dokumente und Einstellungen\\Administrator\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

.

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]

R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.07.2010 23:20 135336]

S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp --> c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp [?]

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-07 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: kaspersky.com\www

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{0B316D96-1017-4617-B52A-C617BD9C68B8}: NameServer = 192.168.100.1

FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\9oes8frx.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-57890767.sys

MSConfigStartUp-Upgrade - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Google Inc.\{2EBC3A8B-7B80-4F71-A899-18741E4D3207}\Upgrade.exe

AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-06-07 18:20

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]

"ImagePath"="\??\c:\dokume~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-746137067-1177238915-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,51,b8,e4,82,d1,15,49,be,7e,73,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,09,3d,96,18,26,c8,4d,95,4c,14,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,51,b8,e4,82,d1,15,49,be,7e,73,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(516)

c:\programme\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

Zeit der Fertigstellung: 2012-06-07  18:22:23

ComboFix-quarantined-files.txt  2012-06-07 16:22

ComboFix2.txt  2010-07-15 13:22

.

Vor Suchlauf: 3.812.515.840 Bytes frei

Nach Suchlauf: 4.012.691.456 Bytes frei

.

- - End Of File - - 1C9E43BC2C120C8E9139A19E01FA21D1

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-06-07 23:10:05

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.00

Running: t71w1xty.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            BA76072E                                                                                                   ZwCreateKey

SSDT            BA760724                                                                                                   ZwCreateThread

SSDT            BA760733                                                                                                   ZwDeleteKey

SSDT            BA76073D                                                                                                   ZwDeleteValueKey

SSDT            BA760742                                                                                                   ZwLoadKey

SSDT            BA760710                                                                                                   ZwOpenProcess

SSDT            BA760715                                                                                                   ZwOpenThread

SSDT            BA76074C                                                                                                   ZwReplaceKey

SSDT            BA760747                                                                                                   ZwRestoreKey

SSDT            BA760738                                                                                                   ZwSetValueKey

SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xA958C620]
 

Code            \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                         pIofCallDriver
 

---- Kernel code sections - GMER 1.0.15 ----
 

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                 Das System kann die angegebene Datei nicht finden. !

?               C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                             Das System kann die angegebene Datei nicht finden. !
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 00:29:11 on 08.06.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"OGALogon.job" - ? - C:\WINDOWS\system32\OGAEXEC.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Oracle" - C:\WINDOWS\system32\javacpl.cpl

"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"ftsata2" (ftsata2) - "Promise Technology, Inc." - C:\WINDOWS\system32\drivers\ftsata2.sys

"GarenaPEngine" (GarenaPEngine) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\YLO5.tmp  (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"pxldiuod" (pxldiuod) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldiuod.sys  (Hidden registry entry, rootkit activity | File not found)

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

"Sinus 154 stick" (PRISM_A02) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\PRISMA02.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"Team MFP Comm Driver" (DgiVecp) - "DeviceGuys, Inc." - C:\WINDOWS\System32\Drivers\DgiVecp.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{87D62D94-71B3-4b9a-9489-5FE6850DC73E} "Avi Properties Handler" - ? -   (File not found | COM-object registry key not found)

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{B28C18DB-6816-4F31-9630-397683E3C2C3} "FilZip Shell Extension" - "Philipp Engel" - C:\Programme\FilZip\fzshext.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "&Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

"Win2PDF Port" - ? - C:\WINDOWS\system32\win2pdfm.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Java Quick Starter" (JavaQuickStarterService) - "Oracle" - C:\Programme\Java\jre6\bin\jqs.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe  (File found, but it contains no detailed information)

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-07 23:17:41

-----------------------------

23:17:41.762    OS Version: Windows 5.1.2600 Service Pack 3

23:17:41.762    Number of processors: 2 586 0x404

23:17:41.762    ComputerName: PC-LUENDORF  UserName: 

23:17:42.043    Initialize success

23:18:43.355    AVAST engine defs: 12060700

23:19:14.980    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

23:19:14.980    Disk 0 Vendor: ST3160023AS 3.00 Size: 152627MB BusType: 3

23:19:14.980    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22

23:19:14.980    Disk 1 Vendor: ST3160023AS 3.00 Size: 152627MB BusType: 3

23:19:14.980    Disk 0 MBR read successfully

23:19:14.980    Disk 0 MBR scan

23:19:15.027    Disk 0 Windows XP default MBR code

23:19:15.027    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        29996 MB offset 63

23:19:15.027    Disk 0 Partition - 00     0F Extended LBA            122621 MB offset 61432560

23:19:15.059    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122621 MB offset 61432623

23:19:15.090    Disk 0 scanning sectors +312560640

23:19:15.246    Disk 0 scanning C:\WINDOWS\system32\drivers

23:19:54.809    Service scanning

23:20:03.902    Modules scanning

23:20:45.152    Disk 0 trace - called modules:

23:20:45.199    ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 

23:20:45.199    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a364ab8]

23:20:45.199    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a36d9e8]

23:20:45.199    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a3aa940]

23:20:45.652    AVAST engine scan C:\WINDOWS

23:21:08.809    AVAST engine scan C:\WINDOWS\system32

23:30:49.949    AVAST engine scan C:\WINDOWS\system32\drivers

23:31:43.777    AVAST engine scan C:\Dokumente und Einstellungen\Administrator

23:38:30.996    AVAST engine scan C:\Dokumente und Einstellungen\All Users

23:40:12.027    Scan finished successfully

00:26:57.340    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"

00:26:57.340    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"