recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler

cosinus · 01.11.2011, 20:56

Ja bitte, einen neuen CustomScan

cosinus · 11.11.2011, 11:11

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1proxy.de:80
FF - prefs.js..keyword.URL: "http://ch.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
FF - prefs.js..network.proxy.http: "188.138.35.47"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://aolwebmail.aol.de/landing-page"
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKCU..\Run: [Ogeserazur] rundll32.exe   File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.18 10:20:48 | 000,000,088 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.10.21 16:52:45 | 000,000,000 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.10.24 22:26:06 | 000,000,000 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
[2011.10.14 23:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011.07.03 10:21:14 | 003,602,392 | ---- | M] (Ask) -- C:\Users\Moe\AppData\Roaming\Mozilla\Firefox\Profiles\unenfokd.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

icke79 · 11.11.2011, 22:25

Danke... hat ja nen bissl was gelöscht.

Zitat:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "hxxp://ch.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" removed from keyword.URL
Prefs.js: "188.138.35.47" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://aolwebmail.aol.de/landing-page" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ogeserazur deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
F:\Autorun.inf moved successfully.
G:\autorun.inf moved successfully.
H:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.7 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Users\Moe\AppData\Roaming\Mozilla\Firefox\Profiles\unenfokd.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Moe
->Temp folder emptied: 516561441 bytes
->Temporary Internet Files folder emptied: 137827136 bytes
->Java cache emptied: 721611 bytes
->FireFox cache emptied: 119226721 bytes
->Flash cache emptied: 395535 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19837301 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 759,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11112011_221724

Files\Folders moved on Reboot...
C:\Users\Moe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 11.11.2011, 22:29

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

icke79 · 11.11.2011, 22:49

Zitat:

22:45:57.0262 5660 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
22:45:57.0278 5660 ============================================================
22:45:57.0278 5660 Current date / time: 2011/11/11 22:45:57.0278
22:45:57.0278 5660 SystemInfo:
22:45:57.0278 5660
22:45:57.0278 5660 OS Version: 6.1.7601 ServicePack: 1.0
22:45:57.0278 5660 Product type: Workstation
22:45:57.0278 5660 ComputerName: MOMO
22:45:57.0278 5660 UserName: Moe
22:45:57.0278 5660 Windows directory: C:\Windows
22:45:57.0278 5660 System windows directory: C:\Windows
22:45:57.0278 5660 Running under WOW64
22:45:57.0278 5660 Processor architecture: Intel x64
22:45:57.0278 5660 Number of processors: 8
22:45:57.0278 5660 Page size: 0x1000
22:45:57.0278 5660 Boot type: Normal boot
22:45:57.0278 5660 ============================================================
22:46:00.0913 5660 Initialize success
22:46:08.0385 6052 ============================================================
22:46:08.0385 6052 Scan started
22:46:08.0385 6052 Mode: Manual; SigCheck; TDLFS;
22:46:08.0385 6052 ============================================================
22:46:09.0742 6052 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:46:09.0820 6052 1394ohci - ok
22:46:09.0851 6052 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
22:46:09.0883 6052 Accelerometer - ok
22:46:10.0054 6052 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:46:10.0070 6052 ACPI - ok
22:46:10.0101 6052 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:46:10.0163 6052 AcpiPmi - ok
22:46:10.0257 6052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:46:10.0273 6052 adp94xx - ok
22:46:10.0288 6052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:46:10.0304 6052 adpahci - ok
22:46:10.0319 6052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:46:10.0319 6052 adpu320 - ok
22:46:10.0413 6052 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:46:10.0460 6052 AFD - ok
22:46:10.0585 6052 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
22:46:10.0631 6052 AgereSoftModem - ok
22:46:10.0850 6052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:46:10.0865 6052 agp440 - ok
22:46:11.0006 6052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:46:11.0021 6052 aliide - ok
22:46:11.0037 6052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:46:11.0053 6052 amdide - ok
22:46:11.0084 6052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:46:11.0131 6052 AmdK8 - ok
22:46:11.0146 6052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:46:11.0162 6052 AmdPPM - ok
22:46:11.0224 6052 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:46:11.0240 6052 amdsata - ok
22:46:11.0287 6052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:46:11.0287 6052 amdsbs - ok
22:46:11.0333 6052 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:46:11.0349 6052 amdxata - ok
22:46:11.0552 6052 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:46:11.0614 6052 AppID - ok
22:46:11.0723 6052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:46:11.0739 6052 arc - ok
22:46:11.0786 6052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:46:11.0801 6052 arcsas - ok
22:46:11.0848 6052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:46:11.0973 6052 AsyncMac - ok
22:46:12.0082 6052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:46:12.0098 6052 atapi - ok
22:46:12.0145 6052 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
22:46:12.0160 6052 atksgt - ok
22:46:12.0191 6052 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:46:12.0207 6052 avgntflt - ok
22:46:12.0301 6052 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
22:46:12.0301 6052 avipbb - ok
22:46:12.0347 6052 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:46:12.0347 6052 avkmgr - ok
22:46:12.0394 6052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:46:12.0441 6052 b06bdrv - ok
22:46:12.0628 6052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:46:12.0659 6052 b57nd60a - ok
22:46:12.0769 6052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:46:12.0815 6052 Beep - ok
22:46:12.0862 6052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:46:12.0893 6052 blbdrive - ok
22:46:13.0018 6052 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:46:13.0081 6052 bowser - ok
22:46:13.0112 6052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:46:13.0174 6052 BrFiltLo - ok
22:46:13.0408 6052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:46:13.0439 6052 BrFiltUp - ok
22:46:13.0502 6052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:46:13.0549 6052 Brserid - ok
22:46:13.0580 6052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:46:13.0611 6052 BrSerWdm - ok
22:46:13.0658 6052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:46:13.0673 6052 BrUsbMdm - ok
22:46:13.0720 6052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:46:13.0751 6052 BrUsbSer - ok
22:46:13.0829 6052 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:46:13.0876 6052 BthEnum - ok
22:46:13.0923 6052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:46:13.0939 6052 BTHMODEM - ok
22:46:13.0970 6052 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:46:14.0001 6052 BthPan - ok
22:46:14.0079 6052 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
22:46:14.0126 6052 BTHPORT - ok
22:46:14.0219 6052 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
22:46:14.0251 6052 BTHUSB - ok
22:46:14.0313 6052 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
22:46:14.0329 6052 btwaudio - ok
22:46:14.0375 6052 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
22:46:14.0375 6052 btwavdt - ok
22:46:14.0469 6052 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:46:14.0469 6052 btwl2cap - ok
22:46:14.0500 6052 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
22:46:14.0516 6052 btwrchid - ok
22:46:14.0547 6052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:46:14.0578 6052 cdfs - ok
22:46:14.0656 6052 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:46:14.0687 6052 cdrom - ok
22:46:14.0734 6052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:46:14.0765 6052 circlass - ok
22:46:14.0843 6052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:46:14.0843 6052 CLFS - ok
22:46:14.0906 6052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:46:14.0937 6052 CmBatt - ok
22:46:15.0015 6052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:46:15.0015 6052 cmdide - ok
22:46:15.0093 6052 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:46:15.0109 6052 CNG - ok
22:46:15.0171 6052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:46:15.0171 6052 Compbatt - ok
22:46:15.0249 6052 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:46:15.0280 6052 CompositeBus - ok
22:46:15.0343 6052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:46:15.0358 6052 crcdisk - ok
22:46:15.0436 6052 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:46:15.0483 6052 DfsC - ok
22:46:15.0530 6052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:46:15.0577 6052 discache - ok
22:46:15.0639 6052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:46:15.0655 6052 Disk - ok
22:46:15.0717 6052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:46:15.0748 6052 drmkaud - ok
22:46:15.0842 6052 dump_wmimmc - ok
22:46:16.0013 6052 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:46:16.0029 6052 DXGKrnl - ok
22:46:16.0435 6052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:46:16.0544 6052 ebdrv - ok
22:46:16.0669 6052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:46:16.0684 6052 elxstor - ok
22:46:16.0731 6052 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
22:46:16.0778 6052 enecir - ok
22:46:16.0856 6052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:46:16.0903 6052 ErrDev - ok
22:46:17.0012 6052 ewusbnet (53913561a7089c9a4649ce4e42f6101b) C:\Windows\system32\DRIVERS\ewusbnet.sys
22:46:17.0027 6052 ewusbnet - ok
22:46:17.0121 6052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:46:17.0168 6052 exfat - ok
22:46:17.0183 6052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:46:17.0230 6052 fastfat - ok
22:46:17.0293 6052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:46:17.0324 6052 fdc - ok
22:46:17.0386 6052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:46:17.0402 6052 FileInfo - ok
22:46:17.0417 6052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:46:17.0464 6052 Filetrace - ok
22:46:17.0495 6052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:46:17.0511 6052 flpydisk - ok
22:46:17.0573 6052 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:46:17.0589 6052 FltMgr - ok
22:46:17.0605 6052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:46:17.0620 6052 FsDepends - ok
22:46:17.0651 6052 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:46:17.0651 6052 Fs_Rec - ok
22:46:17.0729 6052 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:46:17.0745 6052 fvevol - ok
22:46:17.0776 6052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:46:17.0792 6052 gagp30kx - ok
22:46:17.0854 6052 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:46:17.0870 6052 GEARAspiWDM - ok
22:46:17.0963 6052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:46:18.0010 6052 hcw85cir - ok
22:46:18.0119 6052 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:46:18.0151 6052 HdAudAddService - ok
22:46:18.0213 6052 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:46:18.0229 6052 HDAudBus - ok
22:46:18.0260 6052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:46:18.0275 6052 HidBatt - ok
22:46:18.0338 6052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:46:18.0369 6052 HidBth - ok
22:46:18.0400 6052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:46:18.0431 6052 HidIr - ok
22:46:18.0541 6052 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:46:18.0572 6052 HidUsb - ok
22:46:18.0650 6052 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
22:46:18.0665 6052 hpdskflt - ok
22:46:18.0728 6052 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:46:18.0759 6052 HpqKbFiltr - ok
22:46:18.0837 6052 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:46:18.0853 6052 HpSAMD - ok
22:46:19.0040 6052 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:46:19.0102 6052 HTTP - ok
22:46:19.0227 6052 hwdatacard (d96a290f699081ae737390c0fe329d7c) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:46:19.0274 6052 hwdatacard - ok
22:46:19.0321 6052 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:46:19.0336 6052 hwpolicy - ok
22:46:19.0367 6052 hwusbdev (e0c7255498640fc64b19aae17fd6f965) C:\Windows\system32\DRIVERS\ewusbdev.sys
22:46:19.0414 6052 hwusbdev - ok
22:46:19.0539 6052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:46:19.0555 6052 i8042prt - ok
22:46:19.0586 6052 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
22:46:19.0601 6052 iaStor - ok
22:46:19.0633 6052 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:46:19.0648 6052 iaStorV - ok
22:46:19.0757 6052 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:46:19.0867 6052 igfx - ok
22:46:19.0960 6052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:46:19.0960 6052 iirsp - ok
22:46:20.0023 6052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:46:20.0038 6052 intelide - ok
22:46:20.0054 6052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:46:20.0085 6052 intelppm - ok
22:46:20.0132 6052 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:46:20.0179 6052 IpFilterDriver - ok
22:46:20.0303 6052 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:46:20.0335 6052 IPMIDRV - ok
22:46:20.0381 6052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:46:20.0428 6052 IPNAT - ok
22:46:20.0459 6052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:46:20.0537 6052 IRENUM - ok
22:46:20.0647 6052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:46:20.0662 6052 isapnp - ok
22:46:20.0693 6052 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:46:20.0709 6052 iScsiPrt - ok
22:46:20.0787 6052 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
22:46:20.0803 6052 JMCR - ok
22:46:20.0865 6052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:46:20.0865 6052 kbdclass - ok
22:46:20.0943 6052 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:46:20.0974 6052 kbdhid - ok
22:46:21.0037 6052 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:46:21.0052 6052 KSecDD - ok
22:46:21.0099 6052 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:46:21.0115 6052 KSecPkg - ok
22:46:21.0146 6052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:46:21.0193 6052 ksthunk - ok
22:46:21.0271 6052 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
22:46:21.0286 6052 Lbd - ok
22:46:21.0349 6052 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
22:46:21.0364 6052 lirsgt - ok
22:46:21.0395 6052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:46:21.0442 6052 lltdio - ok
22:46:21.0505 6052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:46:21.0520 6052 LSI_FC - ok
22:46:21.0551 6052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:46:21.0567 6052 LSI_SAS - ok
22:46:21.0583 6052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:46:21.0583 6052 LSI_SAS2 - ok
22:46:21.0614 6052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:46:21.0614 6052 LSI_SCSI - ok
22:46:21.0629 6052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:46:21.0676 6052 luafv - ok
22:46:21.0739 6052 massfilter (7aeac0b5b185cb5601673a0462c7ec36) C:\Windows\system32\DRIVERS\massfilter.sys
22:46:21.0785 6052 massfilter - ok
22:46:21.0848 6052 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
22:46:21.0863 6052 MBAMProtector - ok
22:46:21.0910 6052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:46:21.0926 6052 megasas - ok
22:46:21.0957 6052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:46:21.0973 6052 MegaSR - ok
22:46:22.0035 6052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:46:22.0066 6052 Modem - ok
22:46:22.0113 6052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:46:22.0129 6052 monitor - ok
22:46:22.0207 6052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:46:22.0222 6052 mouclass - ok
22:46:22.0285 6052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:46:22.0300 6052 mouhid - ok
22:46:22.0378 6052 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:46:22.0394 6052 mountmgr - ok
22:46:22.0456 6052 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:46:22.0472 6052 mpio - ok
22:46:22.0503 6052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:46:22.0534 6052 mpsdrv - ok
22:46:22.0597 6052 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:46:22.0675 6052 MRxDAV - ok
22:46:22.0768 6052 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:46:22.0799 6052 mrxsmb - ok
22:46:22.0862 6052 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:46:22.0893 6052 mrxsmb10 - ok
22:46:22.0909 6052 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:46:22.0940 6052 mrxsmb20 - ok
22:46:22.0971 6052 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:46:22.0987 6052 msahci - ok
22:46:23.0096 6052 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:46:23.0111 6052 msdsm - ok
22:46:23.0158 6052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:46:23.0205 6052 Msfs - ok
22:46:23.0252 6052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:46:23.0283 6052 mshidkmdf - ok
22:46:23.0361 6052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:46:23.0361 6052 msisadrv - ok
22:46:23.0392 6052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:46:23.0439 6052 MSKSSRV - ok
22:46:23.0470 6052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:46:23.0517 6052 MSPCLOCK - ok
22:46:23.0548 6052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:46:23.0595 6052 MSPQM - ok
22:46:23.0657 6052 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:46:23.0657 6052 MsRPC - ok
22:46:23.0735 6052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:46:23.0751 6052 mssmbios - ok
22:46:23.0767 6052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:46:23.0813 6052 MSTEE - ok
22:46:23.0829 6052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:46:23.0876 6052 MTConfig - ok
22:46:23.0891 6052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:46:23.0907 6052 Mup - ok
22:46:23.0985 6052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:46:24.0016 6052 NativeWifiP - ok
22:46:24.0094 6052 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:46:24.0110 6052 NDIS - ok
22:46:24.0203 6052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:46:24.0235 6052 NdisCap - ok
22:46:24.0281 6052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:46:24.0313 6052 NdisTapi - ok
22:46:24.0359 6052 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:46:24.0391 6052 Ndisuio - ok
22:46:24.0469 6052 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:46:24.0515 6052 NdisWan - ok
22:46:24.0578 6052 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:46:24.0625 6052 NDProxy - ok
22:46:24.0687 6052 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
22:46:24.0734 6052 Netaapl - ok
22:46:24.0781 6052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:46:24.0812 6052 NetBIOS - ok
22:46:24.0890 6052 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:46:24.0921 6052 NetBT - ok
22:46:25.0217 6052 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
22:46:25.0451 6052 NETw5s64 - ok
22:46:25.0966 6052 netw5v64 (d68de412a3243f8d57ddb814aa509813) C:\Windows\system32\DRIVERS\netw5v64.sys
22:46:26.0122 6052 netw5v64 - ok
22:46:26.0263 6052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:46:26.0263 6052 nfrd960 - ok
22:46:26.0356 6052 nmwcdnsucx64 (863aa6c58ac85a22355ae943c605e44b) C:\Windows\system32\drivers\nmwcdnsucx64.sys
22:46:26.0403 6052 nmwcdnsucx64 - ok
22:46:26.0465 6052 nmwcdnsux64 (7983d9201788407c4d1fc4d0baa04e32) C:\Windows\system32\drivers\nmwcdnsux64.sys
22:46:26.0497 6052 nmwcdnsux64 - ok
22:46:26.0559 6052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:46:26.0606 6052 Npfs - ok
22:46:26.0653 6052 NPPTNT2 - ok
22:46:26.0668 6052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:46:26.0715 6052 nsiproxy - ok
22:46:26.0840 6052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:46:26.0871 6052 Ntfs - ok
22:46:26.0918 6052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:46:26.0965 6052 Null - ok
22:46:27.0043 6052 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
22:46:27.0043 6052 NVHDA - ok
22:46:27.0854 6052 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:46:27.0994 6052 nvlddmkm - ok
22:46:28.0103 6052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:46:28.0103 6052 nvraid - ok
22:46:28.0119 6052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:46:28.0135 6052 nvstor - ok
22:46:28.0197 6052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:46:28.0228 6052 nv_agp - ok
22:46:28.0369 6052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:46:28.0384 6052 ohci1394 - ok
22:46:28.0462 6052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:46:28.0493 6052 Parport - ok
22:46:28.0540 6052 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:46:28.0556 6052 partmgr - ok
22:46:28.0665 6052 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
22:46:28.0696 6052 pccsmcfd - ok
22:46:28.0743 6052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:46:28.0759 6052 pci - ok
22:46:28.0774 6052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:46:28.0790 6052 pciide - ok
22:46:28.0821 6052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:46:28.0821 6052 pcmcia - ok
22:46:28.0868 6052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:46:28.0883 6052 pcw - ok
22:46:29.0086 6052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:46:29.0133 6052 PEAUTH - ok
22:46:29.0273 6052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:46:29.0305 6052 PptpMiniport - ok
22:46:29.0351 6052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:46:29.0383 6052 Processor - ok
22:46:29.0445 6052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:46:29.0476 6052 Psched - ok
22:46:29.0585 6052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:46:29.0617 6052 ql2300 - ok
22:46:29.0617 6052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:46:29.0632 6052 ql40xx - ok
22:46:29.0663 6052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:46:29.0695 6052 QWAVEdrv - ok
22:46:29.0726 6052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:46:29.0757 6052 RasAcd - ok
22:46:29.0835 6052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:46:29.0851 6052 RasAgileVpn - ok
22:46:29.0913 6052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:46:29.0960 6052 Rasl2tp - ok
22:46:30.0007 6052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:46:30.0053 6052 RasPppoe - ok
22:46:30.0100 6052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:46:30.0131 6052 RasSstp - ok
22:46:30.0225 6052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:46:30.0287 6052 rdbss - ok
22:46:30.0319 6052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:46:30.0350 6052 rdpbus - ok
22:46:30.0412 6052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:46:30.0459 6052 RDPCDD - ok
22:46:30.0475 6052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:46:30.0506 6052 RDPENCDD - ok
22:46:30.0521 6052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:46:30.0553 6052 RDPREFMP - ok
22:46:30.0615 6052 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:46:30.0646 6052 RDPWD - ok
22:46:30.0740 6052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:46:30.0755 6052 rdyboost - ok
22:46:30.0865 6052 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:46:30.0896 6052 RFCOMM - ok
22:46:30.0927 6052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:46:30.0974 6052 rspndr - ok
22:46:31.0021 6052 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:46:31.0067 6052 RTL8167 - ok
22:46:31.0161 6052 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:46:31.0177 6052 SASDIFSV - ok
22:46:31.0223 6052 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:46:31.0223 6052 SASKUTIL - ok
22:46:31.0317 6052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:46:31.0333 6052 sbp2port - ok
22:46:31.0395 6052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:46:31.0411 6052 scfilter - ok
22:46:31.0442 6052 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:46:31.0489 6052 sdbus - ok
22:46:31.0520 6052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:46:31.0567 6052 secdrv - ok
22:46:31.0645 6052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:46:31.0676 6052 Serenum - ok
22:46:31.0723 6052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:46:31.0754 6052 Serial - ok
22:46:31.0816 6052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:46:31.0847 6052 sermouse - ok
22:46:31.0941 6052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:46:31.0988 6052 sffdisk - ok
22:46:32.0003 6052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:46:32.0035 6052 sffp_mmc - ok
22:46:32.0050 6052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:46:32.0081 6052 sffp_sd - ok
22:46:32.0113 6052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:46:32.0144 6052 sfloppy - ok
22:46:32.0222 6052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:46:32.0237 6052 SiSRaid2 - ok
22:46:32.0253 6052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:46:32.0253 6052 SiSRaid4 - ok
22:46:32.0300 6052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:46:32.0331 6052 Smb - ok
22:46:32.0378 6052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:46:32.0378 6052 spldr - ok
22:46:32.0425 6052 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\System32\Drivers\sptd.sys
22:46:32.0456 6052 sptd - ok
22:46:32.0596 6052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:46:32.0643 6052 srv - ok
22:46:32.0815 6052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:46:32.0861 6052 srv2 - ok
22:46:32.0924 6052 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:46:32.0939 6052 SrvHsfHDA - ok
22:46:33.0142 6052 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:46:33.0189 6052 SrvHsfV92 - ok
22:46:33.0361 6052 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:46:33.0392 6052 SrvHsfWinac - ok
22:46:33.0485 6052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:46:33.0517 6052 srvnet - ok
22:46:33.0626 6052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:46:33.0626 6052 stexstor - ok
22:46:33.0735 6052 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
22:46:33.0766 6052 STHDA - ok
22:46:33.0844 6052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:46:33.0844 6052 swenum - ok
22:46:33.0938 6052 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
22:46:33.0953 6052 SynTP - ok
22:46:34.0000 6052 tap0901 (595cb8da5b522ad8cc28193dc21fd496) C:\Windows\system32\DRIVERS\tap0901.sys
22:46:34.0047 6052 tap0901 - ok
22:46:34.0250 6052 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:46:34.0297 6052 Tcpip - ok
22:46:34.0531 6052 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:46:34.0562 6052 TCPIP6 - ok
22:46:34.0671 6052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:46:34.0718 6052 tcpipreg - ok
22:46:34.0765 6052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:46:34.0811 6052 TDPIPE - ok
22:46:34.0827 6052 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:46:34.0874 6052 TDTCP - ok
22:46:34.0936 6052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:46:34.0967 6052 tdx - ok
22:46:35.0061 6052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:46:35.0077 6052 TermDD - ok
22:46:35.0139 6052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:46:35.0186 6052 tssecsrv - ok
22:46:35.0248 6052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:46:35.0264 6052 TsUsbFlt - ok
22:46:35.0404 6052 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
22:46:35.0404 6052 TuneUpUtilitiesDrv - ok
22:46:35.0560 6052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:46:35.0576 6052 tunnel - ok
22:46:35.0732 6052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:46:35.0747 6052 uagp35 - ok
22:46:35.0794 6052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:46:35.0841 6052 udfs - ok
22:46:35.0919 6052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:46:35.0919 6052 uliagpkx - ok
22:46:35.0997 6052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:46:36.0013 6052 umbus - ok
22:46:36.0028 6052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:46:36.0075 6052 UmPass - ok
22:46:36.0153 6052 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:46:36.0169 6052 USBAAPL64 - ok
22:46:36.0278 6052 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:46:36.0340 6052 usbccgp - ok
22:46:36.0371 6052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:46:36.0403 6052 usbcir - ok
22:46:36.0418 6052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:46:36.0449 6052 usbehci - ok
22:46:36.0481 6052 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:46:36.0496 6052 usbhub - ok
22:46:36.0605 6052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:46:36.0637 6052 usbohci - ok
22:46:36.0668 6052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:46:36.0699 6052 usbprint - ok
22:46:36.0715 6052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:46:36.0746 6052 USBSTOR - ok
22:46:36.0777 6052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:46:36.0808 6052 usbuhci - ok
22:46:36.0933 6052 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:46:36.0964 6052 usbvideo - ok
22:46:37.0011 6052 vcd10bus (f0faf3fb9b138f8cafb65ecffe9f4ab6) C:\Windows\system32\DRIVERS\vcd10bus.sys
22:46:37.0027 6052 vcd10bus - ok
22:46:37.0089 6052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:46:37.0089 6052 vdrvroot - ok
22:46:37.0183 6052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:46:37.0198 6052 vga - ok
22:46:37.0214 6052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:46:37.0245 6052 VgaSave - ok
22:46:37.0307 6052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:46:37.0307 6052 vhdmp - ok
22:46:37.0385 6052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:46:37.0385 6052 viaide - ok
22:46:37.0463 6052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:46:37.0463 6052 volmgr - ok
22:46:37.0526 6052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:46:37.0557 6052 volmgrx - ok
22:46:37.0604 6052 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:46:37.0619 6052 volsnap - ok
22:46:37.0697 6052 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
22:46:37.0713 6052 vpnva - ok
22:46:37.0791 6052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:46:37.0807 6052 vsmraid - ok
22:46:37.0853 6052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:46:37.0885 6052 vwifibus - ok
22:46:37.0931 6052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:46:37.0947 6052 vwififlt - ok
22:46:37.0994 6052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:46:38.0009 6052 WacomPen - ok
22:46:38.0119 6052 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:46:38.0165 6052 WANARP - ok
22:46:38.0181 6052 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:46:38.0212 6052 Wanarpv6 - ok
22:46:38.0259 6052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:46:38.0259 6052 Wd - ok
22:46:38.0321 6052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:46:38.0337 6052 Wdf01000 - ok
22:46:38.0384 6052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:46:38.0415 6052 WfpLwf - ok
22:46:38.0446 6052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:46:38.0446 6052 WIMMount - ok
22:46:38.0571 6052 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:46:38.0602 6052 WinUsb - ok
22:46:38.0680 6052 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
22:46:38.0696 6052 WmBEnum - ok
22:46:38.0711 6052 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
22:46:38.0727 6052 WmFilter - ok
22:46:38.0727 6052 WmHidLo (1584f8d5fdfe44c03dba85a2106b937f) C:\Windows\system32\drivers\WmHidLo.sys
22:46:38.0743 6052 WmHidLo - ok
22:46:38.0789 6052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:46:38.0821 6052 WmiAcpi - ok
22:46:38.0930 6052 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
22:46:38.0930 6052 WmVirHid - ok
22:46:38.0961 6052 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
22:46:38.0977 6052 WmXlCore - ok
22:46:39.0008 6052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:46:39.0055 6052 ws2ifsl - ok
22:46:39.0101 6052 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:46:39.0148 6052 WudfPf - ok
22:46:39.0226 6052 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:46:39.0257 6052 WUDFRd - ok
22:46:39.0304 6052 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:46:39.0320 6052 yukonw7 - ok
22:46:39.0382 6052 ZTEusbmdm6k (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
22:46:39.0429 6052 ZTEusbmdm6k - ok
22:46:39.0491 6052 ZTEusbnet (9e74e0d096f8023a68a262a012153182) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
22:46:39.0523 6052 ZTEusbnet - ok
22:46:39.0569 6052 ZTEusbnmea (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
22:46:39.0585 6052 ZTEusbnmea - ok
22:46:39.0616 6052 ZTEusbser6k (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
22:46:39.0632 6052 ZTEusbser6k - ok
22:46:39.0663 6052 ZTEusbvoice (bcd008c9fc4b57c107cbcfc3e77b58ba) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
22:46:39.0663 6052 ZTEusbvoice - ok
22:46:39.0725 6052 MBR (0x1B8) (54ef9320252d9e88dbf147a7b4d6a9eb) \Device\Harddisk0\DR0
22:46:40.0381 6052 \Device\Harddisk0\DR0 - ok
22:46:40.0381 6052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
22:46:40.0942 6052 \Device\Harddisk1\DR1 - ok
22:46:40.0942 6052 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk2\DR2
22:46:41.0738 6052 \Device\Harddisk2\DR2 - ok
22:46:41.0753 6052 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
22:46:42.0315 6052 \Device\Harddisk3\DR3 - ok
22:46:42.0331 6052 Boot (0x1200) (0d9ca0a8414bb0b91d9ab7efb312e66a) \Device\Harddisk0\DR0\Partition0
22:46:42.0346 6052 \Device\Harddisk0\DR0\Partition0 - ok
22:46:42.0362 6052 Boot (0x1200) (1a8869a0c6402ddd38f9a42defeab9c6) \Device\Harddisk0\DR0\Partition1
22:46:42.0362 6052 \Device\Harddisk0\DR0\Partition1 - ok
22:46:42.0393 6052 Boot (0x1200) (fddc59c02b52ec1efc4d03d5d11b6422) \Device\Harddisk0\DR0\Partition2
22:46:42.0424 6052 \Device\Harddisk0\DR0\Partition2 - ok
22:46:42.0455 6052 Boot (0x1200) (88f4862784451b4372866ea969626eb8) \Device\Harddisk0\DR0\Partition3
22:46:42.0471 6052 \Device\Harddisk0\DR0\Partition3 - ok
22:46:42.0487 6052 Boot (0x1200) (1ac09d2c220aedc2659051cc2ffd41c1) \Device\Harddisk1\DR1\Partition0
22:46:42.0487 6052 \Device\Harddisk1\DR1\Partition0 - ok
22:46:42.0487 6052 Boot (0x1200) (40786bda49d36a00cdd1e6030812bdbb) \Device\Harddisk2\DR2\Partition0
22:46:42.0487 6052 \Device\Harddisk2\DR2\Partition0 - ok
22:46:42.0487 6052 Boot (0x1200) (97793c6ebe782489632be676e2c9be30) \Device\Harddisk3\DR3\Partition0
22:46:42.0487 6052 \Device\Harddisk3\DR3\Partition0 - ok
22:46:42.0487 6052 ============================================================
22:46:42.0487 6052 Scan finished
22:46:42.0487 6052 ============================================================
22:46:42.0502 5504 Detected object count: 0
22:46:42.0502 5504 Actual detected object count: 0

Das unhide brauch ich nicht.. hatte ich schonmal ausgeführt, war nur auf den tragabren Platten nötig damals!

cosinus · 12.11.2011, 12:53

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

icke79 · 12.11.2011, 13:59

mmm kann irgendwie dne hintergrungkram nicht beenden,..
das sagt er an (siehe Anhang)
habe die sacehn eben eigetnliochj deinstalliert.., soll ich trotzdem starten?

cosinus · 14.11.2011, 11:17

Ja dann kannste CF starten

icke79 · 15.11.2011, 02:49

[QUOTE]
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-12.02 - Moe 15.11.2011   2:20.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.4087.2586 [GMT 1:00]
ausgeführt von:: c:\users\Moe\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\jestertb.dll
c:\windows\SysWow64\start.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-15 bis 2011-11-15  ))))))))))))))))))))))))))))))
.
.
2011-11-15 01:31 . 2011-11-15 01:31	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2011-11-15 01:31 . 2011-11-15 01:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-11 21:17 . 2011-11-11 21:17	--------	d-----w-	C:\_OTL
2011-11-09 00:01 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 00:01 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 00:01 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 00:01 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-10-25 08:48 . 2011-10-25 08:48	--------	d-----w-	c:\program files (x86)\ESET
2011-10-25 08:45 . 2011-10-25 08:45	--------	d-----w-	c:\users\Moe\AppData\Roaming\Malwarebytes
2011-10-25 08:45 . 2011-10-25 08:45	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-25 08:45 . 2011-08-31 15:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-25 07:21 . 2011-10-31 19:47	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2011-10-24 18:54 . 2011-10-24 21:58	--------	d-----w-	c:\users\Moe\DoctorWeb
2011-10-17 16:57 . 2011-10-17 16:57	--------	d-----w-	c:\program files\iPod
2011-10-17 16:57 . 2011-10-17 16:58	--------	d-----w-	c:\program files\iTunes
2011-10-17 16:57 . 2011-10-17 16:58	--------	d-----w-	c:\program files (x86)\iTunes
2011-10-17 16:53 . 2011-10-17 16:53	--------	d-----w-	c:\program files\Bonjour
2011-10-17 16:53 . 2011-10-17 16:53	--------	d-----w-	c:\program files (x86)\Bonjour
2011-10-16 17:18 . 2011-11-12 12:48	--------	d-----w-	c:\programdata\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 23:42 . 2011-04-20 20:17	55384	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-10-19 19:55 . 2011-05-18 22:28	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-08 20:00 . 2011-10-08 19:59	684377	----a-w-	c:\windows\unins000.exe
2011-09-01 05:24 . 2011-10-13 06:52	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 06:52	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 06:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 06:52	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 06:52	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 06:52	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-08-30 21:05 . 2011-08-30 21:05	96104	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05	85864	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05	83816	----a-w-	c:\windows\SysWow64\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05	73064	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-08-27 05:37 . 2011-10-13 01:21	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 01:21	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 01:21	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-13 01:21	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-08-17 05:26 . 2011-10-13 01:28	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-13 01:28	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-13 01:28	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-13 01:28	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-06-22 16712]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"ISUSScheduler"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MobileConnect"=%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Games-Masters.com\CABAL Online (EU)\GameGuard\dump_wmimmc.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-09 1394504]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-29 00:29]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 03:17]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-29 03:17]
.
2011-10-25 c:\windows\Tasks\HPCeeScheduleForMoe.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download All by ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 62.2.24.158
FF - ProfilePath - c:\users\Moe\AppData\Roaming\Mozilla\Firefox\Profiles\unenfokd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-03959510.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1543690008-2225939844-2289125757-1001\Software\SecuROM\License information*]
"datasecu"=hex:3f,6f,1f,87,90,3a,08,4e,a1,29,98,39,47,84,b4,30,cb,25,49,06,73,
   73,bd,49,6e,dd,e7,79,c0,63,e1,3b,00,cc,ff,dc,a1,32,cb,9a,bd,d0,cd,2c,5f,08,\
"rkeysecu"=hex:44,60,78,d9,ea,8f,c6,9b,df,38,6c,06,c7,45,3b,f6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="A231DEA8F17B599AB4463B3B445E52D20BFDAD278F50F31973E153DE0C81B305B94107789502F2B72A4C17F8CDE0A966D0B4D32C8CD9D286986AEC92A195B57BB15B2059E0F9F9D646CE2F67888289B0884C33F3ED3548850B8EB4B57D1B99AAE20C1A1910D62ECF270EE30D833AB091B7D5B8DEB4F8B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DC038D530D6EB3452C038D530D6EB3452019BFC1D9E2CEB6543AB87A03ABB94DBA3F52CCA17B96F1253830C7C30D21D3882E3077BAA4359C07A775878B14C28CD3984D4EFDE6F19F82AA52FD7B3028DE8E3FCCC97288DA1B37B3D2E5842FE11926906E59F40A83B6CFA879BBD550F31A0527EA707721152347C7C34E3A1CFFAC1137BF9A96D74C5BD6CCEFECB603F5690DFD573D38E68BAF019031830AACD5823793B2FD138796AF58AF60793C0EB121B014012FCA040724ACD778ACBDD9C5F35C36E28CF1B6FA1CCC6CEE8988782BB588F53687371DD50D27E5242B2DC738B28FD130C50AFA0A633F4F75CD6690370144876DC9D7194F2D5EFDF77596F1C9963967A0573366FF7C94DE99BB7BE05904D4E645E563150BACECEC0E8267F770C7FE1CBC1CB144FD8686CEFE61F852F3F37A42F5C69660FCDECA76B57F49D78A8CA1700F5E2CF49CF9753288260DDC0E53A3738CB1CEBE21516ECA689137A267AC4D1E457B495F729186605B5458D0AAE71D13825213E71BCE2F51048C5ED9CCFA4909B20B0350E73DC6C4FCB0B7CEF8BAD26BB65A480F5B59FFC98E143F289B954389A10BB234D0209149F95E137EDAF6FC9A18C44F73EB74C200428B429320F6F0EACE82DF68F6B7A6B65E470F08E1471B59D20118EAD381EE1ECEF3C52EBE8C9BFECF1506D418B3FE8E313CCFB74731DC7B72913D239787CA8BE936B562326E75ACFF4E564E0821863317B07D2D4CF1241CC3342766C76063E3A6F48BE566A02D31AC1A2E08531FC9838FC9F11F76CA5C70B4F8ECE63778953F4E64FBB9A1A0881E4A9AD8BD4401928B7FB0979BD51DDE4F512D755D1868CF6575FEF2094DE99209E06232F8C1A4816435F2F6F94CA7705E614752A7E70C5A11DC00B6181A88DCE89AD143C7CEE20CB4193ED7C03E85FF988F1328D43C4242E59FAF99C30A86C90BA8103468931E415EB07174CA2003C7A5BCCC9648DD947D8EEFD068F04D474CC9C64E8062A181323D22FEEB1A0A7649DB249EF3B61C8824617C06F9C7467174F6BBBB1D66D9D5709D7022E213D3DE1E2B68FCABDD26E60FA5FBB68CB0BDF7847BA733D3871031540327C02324F60762AE24CF33E0EEB9C63A6ED98C6E87DF3C76F7ADECD6BCA62A5EC1E8C24BE74153A86B079B3D0A6A6CB235799DD41C917C9C3C15FE0223B0B77"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-15  02:34:36
ComboFix-quarantined-files.txt  2011-11-15 01:34
.
Vor Suchlauf: 16 Verzeichnis(se), 62'377'435'136 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 61'580'914'688 Bytes frei
.
- - End Of File - - C5835DAF2E5D7BF58E653EEABD2C37FF

--- --- ---

SO cf ist durch!

cosinus · 15.11.2011, 09:16

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

icke79 · 16.11.2011, 00:45

Zitat:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-15 19:40:43
-----------------------------
19:40:43.217 OS Version: Windows x64 6.1.7601 Service Pack 1
19:40:43.217 Number of processors: 8 586 0x1E05
19:40:43.217 ComputerName: MOMO UserName: Moe
19:40:44.949 Initialize success
19:45:50.301 AVAST engine defs: 11111500
20:30:08.826 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:30:08.826 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
20:30:08.841 Disk 0 MBR read successfully
20:30:08.841 Disk 0 MBR scan
20:30:08.857 Disk 0 unknown MBR code
20:30:08.857 Service scanning
20:30:10.058 Modules scanning
20:30:10.058 Disk 0 trace - called modules:
20:30:10.074 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
20:30:10.089 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058f6790]
20:30:10.089 3 CLASSPNP.SYS[fffff8800106943f] -> nt!IofCallDriver -> [0xfffffa8005817950]
20:30:10.089 5 hpdskflt.sys[fffff880023c2289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047c4050]
20:30:11.150 AVAST engine scan C:\Windows
20:30:13.849 AVAST engine scan C:\Windows\system32
20:31:33.721 AVAST engine scan C:\Windows\system32\drivers
20:31:43.065 AVAST engine scan C:\Users\Moe
20:54:58.597 AVAST engine scan C:\ProgramData
20:57:26.080 Scan finished successfully
00:41:12.510 Disk 0 MBR has been saved successfully to "C:\Users\Moe\Desktop\MBR.dat"
00:41:12.526 The log file has been saved successfully to "C:\Users\Moe\Desktop\aswMBR.txt"

Ich hab unten bei der Scanart "Quickscan" gehabt... konnte irgendwie nicht alle Platten einstellen!

cosinus · 16.11.2011, 09:47

Zitat:

unknown MBR code

Müssen wir evtl. fixen - hast du noch andere Betriebssysteme installiert oder zB mit TrueCrypt die Platte verschlüsselt?

icke79 · 16.11.2011, 17:28

Zitat:

Zitat von cosinus

Müssen wir evtl. fixen - hast du noch andere Betriebssysteme installiert oder zB mit TrueCrypt die Platte verschlüsselt?

Ne, nur Windoof 7 und nix verschlüsselt oder so.

cosinus · 16.11.2011, 19:56

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

icke79 · 16.11.2011, 21:30

kann ich die Festplatten abhängen oder nmüssen die mit gefixed werden, sonst müsst ich die ja auch sichern..?

01.11.2011, 20:56	#1
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Ja bitte, einen neuen CustomScan __________________ Logfiles bitte immer in CODE-Tags posten

14.11.2011, 11:17	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler Ja dann kannste CF starten __________________ Logfiles bitte immer in CODE-Tags posten

recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler

Log-Analyse und Auswertung: recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler