Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: weiteres Facebookopfer :-(

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.10.2011, 19:40   #1
karl-heinz00
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



Ihr seht es schon am Titel. Auch mir ist es passiert, dass ich einen Link ohne zu überlegen angeklickt habe, obwohl ich sonst eigtl. eher vorsichtig bin bei solchen Sachen. Aber naja, passiert ist es jetzt jedenfalls trotzdem.

Im Prinzip ist das ganze äquivalent zu folgendem Problem abgelaufen

http://www.trojaner-board.de/104461-...insvc-exe.html

Habe als allererstes mit McAfee gescannt - kein Fund.
Danach habe ich Malwarebytes' drüber laufen lassen - 1 Fund (selber Dateiname, wie in dem oben erwähnten Link)

Hab den Fund dann mit Malwarebytes' löschen lassen. Aber um sicher zu gehen, dass alles clean ist, poste ich mal noch den Logfile des scans und einen hjt-logfile, der nachdem scan mit Malwarebytes' angefertigt wurde. Würde mich über Hilfe bei der Beseitigung möglicher bestehender Bedrohung freuen. Deswegen schonmal Danke im Vorraus für jegliche Hilfe.

Malwarebytes':

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
 
Datenbank Version: 8052
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
31.10.2011 20:12:33
mbam-log-2011-10-31 (20-12-33).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 316696
Laufzeit: 1 Stunde(n), 30 Minute(n), 28 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\Users\****\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         
hjt-Logfile:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:10, on 31.10.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Users\Kerstin\Desktop\Downloads\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110518142316.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S5535.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files (x86)\AAVUpdateManager\aavus.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall-Dienst (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13855 bytes
         
PS: habe gerade nochmal mbam geöffnet. Die Datei war bisher nur unter Quarantäne, hab sie jetzt endgültig gelöscht, mit dem "löschen"-Button!

PSS: mbam bringt ab und zu nen IP-Block:
Code:
ATTFilter
 18:39:13	***	MESSAGE	Protection started successfully
18:39:20	***	MESSAGE	IP Protection started successfully
20:27:18	***	MESSAGE	Protection started successfully
20:27:26	***	MESSAGE	IP Protection started successfully
20:37:40	***	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49352, Process: svchost.exe)
20:37:40	***	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49353, Process: svchost.exe)
20:37:40	***	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49354, Process: svchost.exe)
20:37:40	***	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49355, Process: svchost.exe)
20:47:33	***	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49417, Process: svchost.exe)
20:47:33	***	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49418, Process: svchost.exe)
20:47:34	***	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49419, Process: svchost.exe)
20:47:34	***	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49420, Process: svchost.exe)
20:57:35	***	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49483, Process: svchost.exe)
20:57:35	***	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49484, Process: svchost.exe)
20:57:35	***	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49485, Process: svchost.exe)
20:57:35	***	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49486, Process: svchost.exe)
21:07:37	***	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49565, Process: svchost.exe)
21:07:37	***	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49566, Process: svchost.exe)
21:07:37	***	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49567, Process: svchost.exe)
21:07:37	***	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49568, Process: svchost.exe)
21:17:41	***	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 49644, Process: svchost.exe)
21:27:42	***	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49713, Process: svchost.exe)
21:27:42	***   IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49714, Process: svchost.exe)
21:27:42	***	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49715, Process: svchost.exe)
21:27:42	***	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49716, Process: svchost.exe)
         
was hat das zu bedeuten?

Geändert von karl-heinz00 (31.10.2011 um 20:34 Uhr)

Alt 31.10.2011, 21:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 01.11.2011, 01:20   #3
karl-heinz00
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=03892e16f7223142b01ccf8f80d8516d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-01 01:15:46
# local_time=2011-11-01 02:15:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777213 100 75 14262392 33624371 0 0
# compatibility_mode=5893 16776574 100 94 15137389 71730689 0 0
# compatibility_mode=8192 67108863 100 0 3721 3721 0 0
# scanned=160282
# found=5
# cleaned=0
# scan_time=9307
C:\$Recycle.Bin\S-1-5-21-3817438319-2950311145-3816183397-1001\$RX48K7W.scr	a variant of Win32/AutoRun.Injector.AM worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\Temp\86080.exe	a variant of Win32/AutoRun.Injector.AM worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\Temp\9801933.exe	a variant of Win32/AutoRun.Injector.AM worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\58ce481b-379c0247	a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\58ec35a7-27562cc9	a variant of Java/Exploit.CVE-2010-4452.A trojan (unable to clean)	00000000000000000000000000000000	I
         
__________________

Alt 01.11.2011, 10:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.11.2011, 13:36   #5
karl-heinz00
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



OTL.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.11.2011 13:33:09 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,73 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 60,81% Memory free
5,46 Gb Paging File | 4,06 Gb Available in Paging File | 74,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,99 Gb Total Space | 236,60 Gb Free Space | 83,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()
MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL ()
MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AVMUNET) -- C:\Windows\SysNative\drivers\avmunet.sys (AVM GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.02.01 06:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.02.01 06:23:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.02.01 06:24:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.09.27 14:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.03 11:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.03.27 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Extensions
[2011.03.27 17:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\8gcsjoyp.default\extensions
[2011.03.27 17:01:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\8gcsjoyp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.02 04:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.27 16:43:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.09.27 14:36:03 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011.10.03 11:50:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.10.03 11:50:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 11:50:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 11:50:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 11:50:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 11:50:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 11:50:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20110518142315.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110518142316.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S5535.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kerstin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kerstin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6A6B17-80BF-47F7-8EA3-5FA3B1F561CD}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ECFE076-F8ED-4601-8A1B-6739A3CDA484}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5430D13-B4CF-4355-AE05-E4839A6D5138}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.01 13:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.11.01 02:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.10.31 18:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\EgisTec
[2011.10.31 18:38:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.10.31 18:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.31 18:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.31 18:38:05 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.31 18:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.31 17:40:45 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2011.10.30 21:36:03 | 000,000,000 | RHSD | C] -- C:\Users\***\M-1-52-5782-8752-5245
[2011.10.12 02:41:56 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.12 02:41:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.12 02:41:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.12 02:41:54 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.12 02:41:54 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.12 02:41:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.12 02:41:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.12 02:41:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.12 02:41:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.12 02:41:51 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.12 02:41:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.12 02:41:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.10.12 02:41:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.10.12 02:41:50 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.12 02:41:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.10.12 02:41:01 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.12 02:41:01 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.12 02:41:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.10.12 02:41:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.10.12 02:41:01 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.12 02:41:01 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.10.12 02:41:01 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.12 02:41:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.10.12 02:41:00 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.10.12 02:41:00 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.10.12 02:40:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.12 02:40:20 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.11 07:14:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.10.06 12:11:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.01 13:35:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.01 13:35:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.01 13:32:35 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.01 13:32:35 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.01 13:32:35 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.01 13:32:35 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.01 13:32:35 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.01 13:28:24 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.11.01 13:27:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.01 13:27:38 | 2197,999,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.14 17:48:07 | 000,026,329 | ---- | M] () -- C:\Users\Kerstin\Documents\Bestandsabweichung.odt
[2011.10.12 07:42:22 | 000,306,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.11 16:19:13 | 316,641,199 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2011.10.14 17:48:04 | 000,026,329 | ---- | C] () -- C:\Users\Kerstin\Documents\Bestandsabweichung.odt
[2011.04.02 04:42:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.27 18:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.03.27 18:08:30 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.03.27 18:08:29 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.03.27 18:08:29 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.03.27 18:08:29 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.03.27 18:08:29 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.03.27 18:08:29 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.03.27 18:08:29 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.03.27 18:08:29 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.03.27 18:08:29 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.03.27 18:08:29 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.03.27 18:08:29 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.03.27 18:08:29 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.03.27 18:08:29 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.03.27 18:08:29 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.03.27 18:08:29 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.03.27 18:08:29 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.03.27 18:08:29 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.03.27 18:08:29 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.03.27 18:08:29 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.03.27 16:07:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.01 06:22:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.17 18:10:52 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.01.17 17:26:32 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.10.11 07:14:41 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\DVDVideoSoft
[2011.03.27 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.24 11:51:32 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\Epson
[2011.03.27 15:28:19 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\FRITZ!
[2011.03.27 16:55:34 | 000,000,000 | ---D | M] -- C:\Users\Kerstin\AppData\Roaming\OpenOffice.org
[2011.10.01 12:48:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.27 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.03.27 13:44:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2011.10.11 07:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.03.27 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.24 11:51:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2011.03.27 15:28:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2011.03.27 13:45:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.03.27 18:08:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.03.27 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.10.31 18:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.05.29 08:08:59 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.03.27 16:07:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.03.27 16:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.11.01 04:39:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.10.24 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
         
--- --- ---


danke soweit. Wie gehts weiter?


Alt 01.11.2011, 14:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
[2011.10.30 21:36:03 | 000,000,000 | RHSD | C] -- C:\Users\***\M-1-52-5782-8752-5245
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:CB0AACC9
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> weiteres Facebookopfer :-(

Alt 01.11.2011, 15:49   #7
karl-heinz00
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



Also da hat sich nichts geöffnet nach dem "OK"-Click, sondern der PC ist neugestartet.

Aber im "_OTL" Ordner bin ich fündig geworden:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File move failed. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll scheduled to be moved on reboot.
C:\Users\KERSTIN\M-1-52-5782-8752-5245 folder moved successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kerstin
->Temp folder emptied: 97486749 bytes
->Temporary Internet Files folder emptied: 40940354 bytes
->Java cache emptied: 24878254 bytes
->FireFox cache emptied: 72944845 bytes
->Flash cache emptied: 7237 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 142321298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 220034 bytes
 
Total Files Cleaned = 361,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11012011_163912
         

Alt 01.11.2011, 19:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.11.2011, 22:45   #9
karl-heinz00
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



TDSS-Killer:

Code:
ATTFilter
23:40:47.0313 1788	TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
23:40:47.0552 1788	============================================================
23:40:47.0552 1788	Current date / time: 2011/11/01 23:40:47.0552
23:40:47.0552 1788	SystemInfo:
23:40:47.0552 1788	
23:40:47.0552 1788	OS Version: 6.1.7600 ServicePack: 0.0
23:40:47.0552 1788	Product type: Workstation
23:40:47.0553 1788	ComputerName: ***-PC
23:40:47.0553 1788	UserName: ***
23:40:47.0553 1788	Windows directory: C:\Windows
23:40:47.0553 1788	System windows directory: C:\Windows
23:40:47.0553 1788	Running under WOW64
23:40:47.0553 1788	Processor architecture: Intel x64
23:40:47.0553 1788	Number of processors: 2
23:40:47.0553 1788	Page size: 0x1000
23:40:47.0553 1788	Boot type: Normal boot
23:40:47.0553 1788	============================================================
23:40:49.0741 1788	Initialize success
23:41:26.0751 3044	============================================================
23:41:26.0751 3044	Scan started
23:41:26.0751 3044	Mode: Manual; SigCheck; TDLFS; 
23:41:26.0752 3044	============================================================
23:41:28.0570 3044	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:41:28.0831 3044	1394ohci - ok
23:41:28.0906 3044	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:41:28.0946 3044	ACPI - ok
23:41:28.0964 3044	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:41:29.0103 3044	AcpiPmi - ok
23:41:29.0131 3044	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:41:29.0187 3044	adp94xx - ok
23:41:29.0229 3044	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:41:29.0285 3044	adpahci - ok
23:41:29.0300 3044	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:41:29.0346 3044	adpu320 - ok
23:41:29.0445 3044	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
23:41:29.0666 3044	AFD - ok
23:41:29.0701 3044	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:41:29.0745 3044	agp440 - ok
23:41:29.0769 3044	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:41:29.0815 3044	aliide - ok
23:41:29.0869 3044	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:41:29.0909 3044	amdide - ok
23:41:29.0961 3044	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
23:41:30.0152 3044	amdiox64 - ok
23:41:30.0182 3044	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:41:30.0271 3044	AmdK8 - ok
23:41:30.0681 3044	amdkmdag        (375ac85e1130eaa1eaeb62ddd22b0efb) C:\Windows\system32\DRIVERS\atikmdag.sys
23:41:31.0189 3044	amdkmdag - ok
23:41:31.0369 3044	amdkmdap        (daeb3f2bb2095b95b98be6cec99d02e7) C:\Windows\system32\DRIVERS\atikmpag.sys
23:41:31.0554 3044	amdkmdap - ok
23:41:31.0619 3044	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:41:31.0703 3044	AmdPPM - ok
23:41:31.0781 3044	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:41:31.0919 3044	amdsata - ok
23:41:31.0957 3044	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:41:32.0003 3044	amdsbs - ok
23:41:32.0027 3044	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:41:32.0151 3044	amdxata - ok
23:41:32.0179 3044	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:41:32.0336 3044	AppID - ok
23:41:32.0379 3044	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:41:32.0414 3044	arc - ok
23:41:32.0430 3044	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:41:32.0474 3044	arcsas - ok
23:41:32.0493 3044	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:41:32.0740 3044	AsyncMac - ok
23:41:32.0814 3044	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:41:32.0841 3044	atapi - ok
23:41:32.0922 3044	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
23:41:33.0052 3044	AtiHDAudioService - ok
23:41:33.0119 3044	AVMUNET         (60ddd914d878d04b5b0b1179b67e214d) C:\Windows\system32\DRIVERS\avmunet.sys
23:41:33.0344 3044	AVMUNET - ok
23:41:33.0403 3044	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:41:33.0472 3044	b06bdrv - ok
23:41:33.0508 3044	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:41:33.0580 3044	b57nd60a - ok
23:41:33.0797 3044	BCM43XX         (2d659b569a76cdb83b815675a80d7096) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:41:33.0936 3044	BCM43XX - ok
23:41:33.0974 3044	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:41:34.0086 3044	Beep - ok
23:41:34.0155 3044	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:41:34.0239 3044	blbdrive - ok
23:41:34.0286 3044	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:41:34.0492 3044	bowser - ok
23:41:34.0520 3044	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:41:34.0588 3044	BrFiltLo - ok
23:41:34.0606 3044	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:41:34.0672 3044	BrFiltUp - ok
23:41:34.0716 3044	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:41:34.0837 3044	Brserid - ok
23:41:34.0856 3044	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:41:34.0954 3044	BrSerWdm - ok
23:41:34.0967 3044	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:41:35.0034 3044	BrUsbMdm - ok
23:41:35.0047 3044	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:41:35.0100 3044	BrUsbSer - ok
23:41:35.0116 3044	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:41:35.0168 3044	BTHMODEM - ok
23:41:35.0220 3044	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:41:35.0335 3044	cdfs - ok
23:41:35.0392 3044	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:41:35.0438 3044	cdrom - ok
23:41:35.0556 3044	cfwids          (676535b3156fecf7133cf80b4d2f6cf7) C:\Windows\system32\drivers\cfwids.sys
23:41:35.0585 3044	cfwids - ok
23:41:35.0630 3044	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:41:35.0702 3044	circlass - ok
23:41:35.0759 3044	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:41:35.0815 3044	CLFS - ok
23:41:35.0880 3044	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:41:35.0929 3044	CmBatt - ok
23:41:35.0945 3044	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:41:35.0982 3044	cmdide - ok
23:41:36.0008 3044	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
23:41:36.0100 3044	CNG - ok
23:41:36.0236 3044	CnxtHdAudService (9f005ced6a6a11aecc536fdaa17e7a04) C:\Windows\system32\drivers\CHDRT64.sys
23:41:36.0397 3044	CnxtHdAudService - ok
23:41:36.0428 3044	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:41:36.0467 3044	Compbatt - ok
23:41:36.0502 3044	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:41:36.0579 3044	CompositeBus - ok
23:41:36.0634 3044	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:41:36.0668 3044	crcdisk - ok
23:41:36.0799 3044	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:41:37.0020 3044	DfsC - ok
23:41:37.0084 3044	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:41:37.0212 3044	discache - ok
23:41:37.0255 3044	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:41:37.0298 3044	Disk - ok
23:41:37.0347 3044	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:41:37.0430 3044	drmkaud - ok
23:41:37.0576 3044	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:41:37.0772 3044	DXGKrnl - ok
23:41:37.0974 3044	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:41:38.0264 3044	ebdrv - ok
23:41:38.0379 3044	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:41:38.0489 3044	elxstor - ok
23:41:38.0517 3044	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:41:38.0602 3044	ErrDev - ok
23:41:38.0697 3044	ETD             (9d8739a2a2173c9d27c499a3fc6eda3f) C:\Windows\system32\DRIVERS\ETD.sys
23:41:38.0844 3044	ETD - ok
23:41:38.0878 3044	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:41:38.0993 3044	exfat - ok
23:41:39.0038 3044	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:41:39.0161 3044	fastfat - ok
23:41:39.0182 3044	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:41:39.0259 3044	fdc - ok
23:41:39.0314 3044	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:41:39.0347 3044	FileInfo - ok
23:41:39.0367 3044	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:41:39.0489 3044	Filetrace - ok
23:41:39.0526 3044	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:41:39.0573 3044	flpydisk - ok
23:41:39.0652 3044	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:41:39.0698 3044	FltMgr - ok
23:41:39.0755 3044	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:41:39.0791 3044	FsDepends - ok
23:41:39.0819 3044	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:41:39.0852 3044	Fs_Rec - ok
23:41:39.0886 3044	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:41:40.0027 3044	fvevol - ok
23:41:40.0056 3044	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:41:40.0098 3044	gagp30kx - ok
23:41:40.0147 3044	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:41:40.0244 3044	hcw85cir - ok
23:41:40.0283 3044	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:41:40.0372 3044	HdAudAddService - ok
23:41:40.0415 3044	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:41:40.0479 3044	HDAudBus - ok
23:41:40.0492 3044	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:41:40.0543 3044	HidBatt - ok
23:41:40.0572 3044	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:41:40.0671 3044	HidBth - ok
23:41:40.0685 3044	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:41:40.0767 3044	HidIr - ok
23:41:40.0810 3044	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:41:40.0875 3044	HidUsb - ok
23:41:40.0934 3044	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:41:40.0972 3044	HpSAMD - ok
23:41:41.0059 3044	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:41:41.0173 3044	HTTP - ok
23:41:41.0198 3044	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:41:41.0236 3044	hwpolicy - ok
23:41:41.0278 3044	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:41:41.0344 3044	i8042prt - ok
23:41:41.0393 3044	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:41:41.0547 3044	iaStorV - ok
23:41:41.0589 3044	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:41:41.0629 3044	iirsp - ok
23:41:41.0660 3044	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:41:41.0692 3044	intelide - ok
23:41:41.0715 3044	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:41:41.0789 3044	intelppm - ok
23:41:41.0815 3044	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:41:41.0910 3044	IpFilterDriver - ok
23:41:41.0930 3044	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:41:41.0998 3044	IPMIDRV - ok
23:41:42.0022 3044	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:41:42.0141 3044	IPNAT - ok
23:41:42.0183 3044	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:41:42.0261 3044	IRENUM - ok
23:41:42.0298 3044	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:41:42.0346 3044	isapnp - ok
23:41:42.0389 3044	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:41:42.0439 3044	iScsiPrt - ok
23:41:42.0487 3044	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:41:42.0527 3044	kbdclass - ok
23:41:42.0566 3044	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:41:42.0612 3044	kbdhid - ok
23:41:42.0665 3044	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
23:41:42.0699 3044	KSecDD - ok
23:41:42.0724 3044	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
23:41:42.0858 3044	KSecPkg - ok
23:41:42.0884 3044	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:41:42.0996 3044	ksthunk - ok
23:41:43.0073 3044	L1C             (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys
23:41:43.0201 3044	L1C - ok
23:41:43.0255 3044	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:41:43.0348 3044	lltdio - ok
23:41:43.0393 3044	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:41:43.0432 3044	LSI_FC - ok
23:41:43.0447 3044	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:41:43.0484 3044	LSI_SAS - ok
23:41:43.0501 3044	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:41:43.0537 3044	LSI_SAS2 - ok
23:41:43.0555 3044	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:41:43.0596 3044	LSI_SCSI - ok
23:41:43.0630 3044	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:41:43.0740 3044	luafv - ok
23:41:43.0810 3044	MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
23:41:43.0838 3044	MBAMProtector - ok
23:41:43.0938 3044	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:41:43.0979 3044	megasas - ok
23:41:44.0010 3044	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:41:44.0059 3044	MegaSR - ok
23:41:44.0104 3044	mfeapfk         (31338e489314ae2a29534fbaa7ad2f1b) C:\Windows\system32\drivers\mfeapfk.sys
23:41:44.0132 3044	mfeapfk - ok
23:41:44.0180 3044	mfeavfk         (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
23:41:44.0313 3044	mfeavfk - ok
23:41:44.0346 3044	mfeavfk01 - ok
23:41:44.0404 3044	mfefirek        (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
23:41:44.0547 3044	mfefirek - ok
23:41:44.0625 3044	mfehidk         (a2607740bb18d631da01e01dcb81843b) C:\Windows\system32\drivers\mfehidk.sys
23:41:44.0772 3044	mfehidk - ok
23:41:44.0805 3044	mfenlfk         (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:41:44.0930 3044	mfenlfk - ok
23:41:44.0960 3044	mferkdet        (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
23:41:45.0089 3044	mferkdet - ok
23:41:45.0139 3044	mfewfpk         (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
23:41:45.0274 3044	mfewfpk - ok
23:41:45.0333 3044	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:41:45.0421 3044	Modem - ok
23:41:45.0467 3044	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:41:45.0528 3044	monitor - ok
23:41:45.0574 3044	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:41:45.0612 3044	mouclass - ok
23:41:45.0669 3044	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:41:45.0753 3044	mouhid - ok
23:41:45.0822 3044	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:41:45.0869 3044	mountmgr - ok
23:41:45.0888 3044	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:41:45.0927 3044	mpio - ok
23:41:45.0951 3044	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:41:46.0071 3044	mpsdrv - ok
23:41:46.0096 3044	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:41:46.0177 3044	MRxDAV - ok
23:41:46.0227 3044	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:41:46.0385 3044	mrxsmb - ok
23:41:46.0493 3044	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:41:46.0689 3044	mrxsmb10 - ok
23:41:46.0765 3044	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:41:46.0926 3044	mrxsmb20 - ok
23:41:46.0968 3044	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:41:47.0006 3044	msahci - ok
23:41:47.0046 3044	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:41:47.0090 3044	msdsm - ok
23:41:47.0161 3044	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:41:47.0251 3044	Msfs - ok
23:41:47.0298 3044	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:41:47.0425 3044	mshidkmdf - ok
23:41:47.0459 3044	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:41:47.0491 3044	msisadrv - ok
23:41:47.0574 3044	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:41:47.0666 3044	MSKSSRV - ok
23:41:47.0689 3044	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:41:47.0798 3044	MSPCLOCK - ok
23:41:47.0815 3044	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:41:47.0920 3044	MSPQM - ok
23:41:47.0981 3044	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:41:48.0031 3044	MsRPC - ok
23:41:48.0064 3044	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:41:48.0092 3044	mssmbios - ok
23:41:48.0107 3044	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:41:48.0213 3044	MSTEE - ok
23:41:48.0234 3044	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:41:48.0292 3044	MTConfig - ok
23:41:48.0318 3044	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:41:48.0358 3044	Mup - ok
23:41:48.0386 3044	mwlPSDFilter    (9b1eac6faf6f37305e822f5588dc8056) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
23:41:48.0514 3044	mwlPSDFilter - ok
23:41:48.0546 3044	mwlPSDNServ     (ad55c1524b296280ed9c6e0d730d35da) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
23:41:48.0673 3044	mwlPSDNServ - ok
23:41:48.0721 3044	mwlPSDVDisk     (2b599e6ec8843637bdd62e7f8f3ba201) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
23:41:48.0846 3044	mwlPSDVDisk - ok
23:41:48.0911 3044	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:41:49.0042 3044	NativeWifiP - ok
23:41:49.0108 3044	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:41:49.0199 3044	NDIS - ok
23:41:49.0232 3044	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:41:49.0328 3044	NdisCap - ok
23:41:49.0374 3044	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:41:49.0496 3044	NdisTapi - ok
23:41:49.0534 3044	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:41:49.0656 3044	Ndisuio - ok
23:41:49.0679 3044	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:41:49.0816 3044	NdisWan - ok
23:41:49.0832 3044	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:41:49.0946 3044	NDProxy - ok
23:41:49.0978 3044	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:41:50.0073 3044	NetBIOS - ok
23:41:50.0095 3044	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:41:50.0395 3044	NetBT - ok
23:41:50.0467 3044	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:41:50.0504 3044	nfrd960 - ok
23:41:50.0540 3044	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:41:50.0634 3044	Npfs - ok
23:41:50.0674 3044	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:41:50.0776 3044	nsiproxy - ok
23:41:50.0934 3044	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:41:51.0144 3044	Ntfs - ok
23:41:51.0194 3044	NTIDrvr         (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
23:41:51.0351 3044	NTIDrvr - ok
23:41:51.0377 3044	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:41:51.0491 3044	Null - ok
23:41:51.0566 3044	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:41:51.0698 3044	nvraid - ok
23:41:51.0759 3044	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:41:51.0893 3044	nvstor - ok
23:41:51.0918 3044	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:41:51.0961 3044	nv_agp - ok
23:41:51.0979 3044	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:41:52.0051 3044	ohci1394 - ok
23:41:52.0085 3044	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:41:52.0131 3044	Parport - ok
23:41:52.0168 3044	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
23:41:52.0205 3044	partmgr - ok
23:41:52.0237 3044	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:41:52.0270 3044	pci - ok
23:41:52.0300 3044	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:41:52.0337 3044	pciide - ok
23:41:52.0355 3044	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:41:52.0398 3044	pcmcia - ok
23:41:52.0434 3044	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:41:52.0469 3044	pcw - ok
23:41:52.0546 3044	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:41:52.0693 3044	PEAUTH - ok
23:41:52.0816 3044	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:41:52.0906 3044	PptpMiniport - ok
23:41:52.0944 3044	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:41:53.0012 3044	Processor - ok
23:41:53.0090 3044	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:41:53.0203 3044	Psched - ok
23:41:53.0414 3044	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:41:53.0532 3044	ql2300 - ok
23:41:53.0561 3044	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:41:53.0602 3044	ql40xx - ok
23:41:53.0692 3044	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:41:53.0772 3044	QWAVEdrv - ok
23:41:53.0788 3044	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:41:53.0892 3044	RasAcd - ok
23:41:53.0940 3044	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:41:54.0039 3044	RasAgileVpn - ok
23:41:54.0081 3044	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:41:54.0196 3044	Rasl2tp - ok
23:41:54.0240 3044	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:41:54.0336 3044	RasPppoe - ok
23:41:54.0372 3044	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:41:54.0476 3044	RasSstp - ok
23:41:54.0520 3044	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:41:54.0641 3044	rdbss - ok
23:41:54.0658 3044	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:41:54.0712 3044	rdpbus - ok
23:41:54.0740 3044	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:41:54.0841 3044	RDPCDD - ok
23:41:54.0882 3044	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:41:55.0010 3044	RDPENCDD - ok
23:41:55.0053 3044	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:41:55.0137 3044	RDPREFMP - ok
23:41:55.0157 3044	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
23:41:55.0285 3044	RDPWD - ok
23:41:55.0306 3044	rdyboost        (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
23:41:55.0440 3044	rdyboost - ok
23:41:55.0521 3044	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:41:55.0625 3044	rspndr - ok
23:41:55.0685 3044	RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\System32\Drivers\RtsUStor.sys
23:41:55.0820 3044	RSUSBSTOR - ok
23:41:55.0845 3044	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:41:55.0886 3044	sbp2port - ok
23:41:55.0920 3044	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:41:56.0049 3044	scfilter - ok
23:41:56.0152 3044	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:41:56.0275 3044	secdrv - ok
23:41:56.0313 3044	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:41:56.0377 3044	Serenum - ok
23:41:56.0394 3044	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:41:56.0451 3044	Serial - ok
23:41:56.0469 3044	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:41:56.0524 3044	sermouse - ok
23:41:56.0572 3044	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:41:56.0684 3044	sffdisk - ok
23:41:56.0720 3044	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:41:56.0780 3044	sffp_mmc - ok
23:41:56.0796 3044	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:41:56.0939 3044	sffp_sd - ok
23:41:56.0958 3044	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:41:57.0023 3044	sfloppy - ok
23:41:57.0061 3044	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:41:57.0099 3044	SiSRaid2 - ok
23:41:57.0123 3044	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:41:57.0163 3044	SiSRaid4 - ok
23:41:57.0218 3044	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:41:57.0338 3044	Smb - ok
23:41:57.0396 3044	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:41:57.0431 3044	spldr - ok
23:41:57.0586 3044	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:41:57.0776 3044	srv - ok
23:41:57.0813 3044	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:41:57.0986 3044	srv2 - ok
23:41:58.0040 3044	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:41:58.0203 3044	srvnet - ok
23:41:58.0261 3044	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:41:58.0297 3044	stexstor - ok
23:41:58.0354 3044	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:41:58.0390 3044	swenum - ok
23:41:58.0623 3044	Tcpip           (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
23:41:58.0908 3044	Tcpip - ok
23:41:58.0959 3044	TCPIP6          (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
23:41:59.0037 3044	TCPIP6 - ok
23:41:59.0084 3044	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:41:59.0195 3044	tcpipreg - ok
23:41:59.0232 3044	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:41:59.0325 3044	TDPIPE - ok
23:41:59.0346 3044	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:41:59.0454 3044	TDTCP - ok
23:41:59.0495 3044	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:41:59.0613 3044	tdx - ok
23:41:59.0634 3044	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:41:59.0674 3044	TermDD - ok
23:41:59.0752 3044	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:41:59.0862 3044	tssecsrv - ok
23:41:59.0906 3044	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:42:00.0023 3044	tunnel - ok
23:42:00.0042 3044	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:42:00.0097 3044	uagp35 - ok
23:42:00.0130 3044	UBHelper        (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
23:42:00.0261 3044	UBHelper - ok
23:42:00.0362 3044	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:42:00.0478 3044	udfs - ok
23:42:00.0541 3044	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:42:00.0579 3044	uliagpkx - ok
23:42:00.0607 3044	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:42:00.0654 3044	umbus - ok
23:42:00.0696 3044	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:42:00.0758 3044	UmPass - ok
23:42:00.0841 3044	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
23:42:01.0005 3044	usbccgp - ok
23:42:01.0034 3044	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:42:01.0115 3044	usbcir - ok
23:42:01.0161 3044	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
23:42:01.0291 3044	usbehci - ok
23:42:01.0327 3044	usbfilter       (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
23:42:01.0455 3044	usbfilter - ok
23:42:01.0531 3044	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
23:42:01.0727 3044	usbhub - ok
23:42:01.0786 3044	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
23:42:01.0954 3044	usbohci - ok
23:42:01.0997 3044	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:42:02.0045 3044	usbprint - ok
23:42:02.0087 3044	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:42:02.0134 3044	usbscan - ok
23:42:02.0174 3044	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:42:02.0362 3044	USBSTOR - ok
23:42:02.0406 3044	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
23:42:02.0585 3044	usbuhci - ok
23:42:02.0643 3044	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
23:42:02.0867 3044	usbvideo - ok
23:42:02.0915 3044	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:42:02.0954 3044	vdrvroot - ok
23:42:03.0001 3044	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:42:03.0048 3044	vga - ok
23:42:03.0069 3044	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:42:03.0201 3044	VgaSave - ok
23:42:03.0241 3044	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:42:03.0286 3044	vhdmp - ok
23:42:03.0304 3044	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:42:03.0342 3044	viaide - ok
23:42:03.0381 3044	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:42:03.0417 3044	volmgr - ok
23:42:03.0440 3044	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:42:03.0493 3044	volmgrx - ok
23:42:03.0516 3044	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:42:03.0563 3044	volsnap - ok
23:42:03.0608 3044	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:42:03.0653 3044	vsmraid - ok
23:42:03.0698 3044	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:42:03.0745 3044	vwifibus - ok
23:42:03.0768 3044	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:42:03.0856 3044	vwififlt - ok
23:42:03.0903 3044	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:42:03.0965 3044	vwifimp - ok
23:42:04.0006 3044	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:42:04.0074 3044	WacomPen - ok
23:42:04.0094 3044	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:42:04.0192 3044	WANARP - ok
23:42:04.0203 3044	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:42:04.0288 3044	Wanarpv6 - ok
23:42:04.0341 3044	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:42:04.0380 3044	Wd - ok
23:42:04.0432 3044	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:42:04.0499 3044	Wdf01000 - ok
23:42:04.0619 3044	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:42:04.0732 3044	WfpLwf - ok
23:42:04.0751 3044	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:42:04.0784 3044	WIMMount - ok
23:42:04.0921 3044	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:42:04.0994 3044	WmiAcpi - ok
23:42:05.0075 3044	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:42:05.0192 3044	ws2ifsl - ok
23:42:05.0298 3044	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:42:05.0406 3044	WudfPf - ok
23:42:05.0484 3044	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:42:05.0586 3044	WUDFRd - ok
23:42:05.0684 3044	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:42:06.0514 3044	\Device\Harddisk0\DR0 - ok
23:42:06.0525 3044	Boot (0x1200)   (2b92ed39b906f0d72ca821de4d417948) \Device\Harddisk0\DR0\Partition0
23:42:06.0527 3044	\Device\Harddisk0\DR0\Partition0 - ok
23:42:06.0560 3044	Boot (0x1200)   (e5b793f09da6b64508a45a7eb3f26223) \Device\Harddisk0\DR0\Partition1
23:42:06.0564 3044	\Device\Harddisk0\DR0\Partition1 - ok
23:42:06.0565 3044	============================================================
23:42:06.0566 3044	Scan finished
23:42:06.0566 3044	============================================================
23:42:06.0630 2232	Detected object count: 0
23:42:06.0631 2232	Actual detected object count: 0
         

Alt 02.11.2011, 09:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.11.2011, 23:16   #11
karl-heinz00
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



combofix:

[/code]Combofix Logfile:
Code:
ATTFilter
ComboFix 11-11-30.03 - Kerstin 30.11.2011  23:41:50.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2795.2015 [GMT 1:00]
ausgeführt von:: c:\users\Kerstin\Desktop\Downloads\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-28 bis 2011-11-30  ))))))))))))))))))))))))))))))
.
.
2011-11-30 22:54 . 2011-11-30 22:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-30 02:29 . 2011-10-18 13:29	28760	----a-w-	c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2011-11-17 01:28 . 2011-11-17 01:28	--------	d-----w-	c:\users\Kerstin\AppData\Local\PDF24
2011-11-17 01:09 . 2011-11-17 01:10	--------	d-----w-	c:\program files (x86)\PDF24
2011-11-09 15:23 . 2011-10-01 05:28	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 15:23 . 2011-10-01 04:43	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:23 . 2011-09-29 16:24	1897328	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:23 . 2011-09-29 04:09	3141120	----a-w-	c:\windows\system32\win32k.sys
2011-11-02 01:25 . 2011-11-02 01:25	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-11-01 15:39 . 2011-11-01 15:39	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 13:32 . 2011-05-09 05:31	161168	----a-w-	c:\windows\system32\mfevtps.exe
2011-10-15 12:16 . 2011-05-09 05:43	10248	----a-w-	c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 12:16 . 2011-05-09 05:42	75808	----a-w-	c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 12:16 . 2011-05-09 05:42	65264	----a-w-	c:\windows\system32\drivers\cfwids.sys
2011-10-15 12:16 . 2011-05-09 05:42	481768	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2011-10-15 12:16 . 2011-05-09 05:42	284648	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 12:16 . 2011-05-09 05:42	229528	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 12:16 . 2011-05-09 05:42	100912	----a-w-	c:\windows\system32\drivers\mferkdet.sys
2011-10-15 12:16 . 2010-10-13 20:28	647080	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2011-10-15 12:16 . 2010-10-13 20:28	160280	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2011-10-03 04:06 . 2011-03-27 15:43	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-12 01:41	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-12 01:41	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-31 1029200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-09 177448]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-11-03 220744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2009-07-14 73216]
.
c:\users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-12-31 310864]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: Free YouTube to MP3 Converter - c:\users\Kerstin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\8gcsjoyp.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-01  00:05:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-30 23:05
.
Vor Suchlauf: 9 Verzeichnis(se), 253.761.187.840 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 264.031.633.408 Bytes frei
.
- - End Of File - - 9F65A1FAD85E5D48E2DBAA0D21326FDC
         
[/CODE]
--- --- ---

Alt 01.12.2011, 09:36   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.12.2011, 14:34   #13
karl-heinz00
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



aswMBR:

Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-01 15:09:25
-----------------------------
15:09:25.142    OS Version: Windows x64 6.1.7600 
15:09:25.142    Number of processors: 2 586 0x100
15:09:25.142    ComputerName: KERSTIN-PC  UserName: Kerstin
15:09:26.297    Initialize success
15:09:36.858    AVAST engine defs: 11120100
15:09:51.194    The log file has been saved successfully to "C:\Users\Kerstin\Desktop\aswMBR.txt"
15:10:20.500    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:10:20.500    Disk 0 Vendor: WDC_WD3200BPVT-22ZEST0 01.01A01 Size: 305245MB BusType: 11
15:10:22.528    Disk 0 MBR read successfully
15:10:22.528    Disk 0 MBR scan
15:10:22.574    Disk 0 Windows 7 default MBR code
15:10:22.590    Service scanning
15:10:31.841    Modules scanning
15:10:31.841    Disk 0 trace - called modules:
15:10:31.872    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
15:10:31.888    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030f5790]
15:10:31.903    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f42680]
15:10:33.026    AVAST engine scan C:\Windows
15:10:41.575    AVAST engine scan C:\Windows\system32
15:13:51.006    AVAST engine scan C:\Windows\system32\drivers
15:14:15.982    AVAST engine scan C:\Users\Kerstin
15:16:44.666    AVAST engine scan C:\ProgramData
15:26:28.419    Scan finished successfully
15:30:26.709    Disk 0 MBR has been saved successfully to "C:\Users\Kerstin\Desktop\MBR.dat"
15:30:26.725    The log file has been saved successfully to "C:\Users\Kerstin\Desktop\aswMBR.txt"
         

Alt 02.12.2011, 10:28   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weiteres Facebookopfer :-( - Standard

weiteres Facebookopfer :-(



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu weiteres Facebookopfer :-(
adobe, beseitigung, bho, converter, dateien, desktop, explorer, hijack, hijackthis, hkus\s-1-5-18, ip-block, launch, logfile, lsass.exe, löschen, malwarebytes, mcafee firewall, microsoft, mp3, msiexec.exe, phishing, problem, proxy, siteadvisor, software, symantec, temp, wmi, wmp



Ähnliche Themen: weiteres Facebookopfer :-(


  1. Snap.Do und möglerweise weiteres
    Plagegeister aller Art und deren Bekämpfung - 13.01.2014 (18)
  2. Do-search und weiteres!
    Plagegeister aller Art und deren Bekämpfung - 10.01.2014 (19)
  3. Bundestrojaner weiteres vorgehen
    Log-Analyse und Auswertung - 25.05.2013 (6)
  4. AVA Soft - ein weiteres Opfer
    Log-Analyse und Auswertung - 24.03.2013 (13)
  5. GUV Trojaner auf Windows 7 - Ein weiteres Mal
    Log-Analyse und Auswertung - 25.11.2012 (12)
  6. Ein weiteres Opfer der 100€ Bundestrojaner
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (5)
  7. ein weiteres opfer
    Plagegeister aller Art und deren Bekämpfung - 14.06.2012 (2)
  8. 50€ Virus auf ein weiteres...
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (5)
  9. Facebookopfer durch Fake-Flashplayer
    Log-Analyse und Auswertung - 02.11.2011 (8)
  10. Antimalware Doctor - weiteres Vorgehen
    Plagegeister aller Art und deren Bekämpfung - 15.08.2010 (8)
  11. Weiteres Datenleck bei Ruf-Jugendreisen
    Nachrichten - 21.01.2010 (0)
  12. Trojan.DNSChanger und weiteres
    Plagegeister aller Art und deren Bekämpfung - 11.05.2009 (15)
  13. trojan.zlob.g - ein weiteres opfer
    Plagegeister aller Art und deren Bekämpfung - 09.12.2008 (2)
  14. ein weiteres TR/Dropper.Gen-Opfer
    Log-Analyse und Auswertung - 11.08.2008 (23)
  15. NewDotNet und DR/OneStep.E.1 und weiteres
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (6)
  16. evtl. ein weiteres Problem???
    Log-Analyse und Auswertung - 30.11.2005 (1)
  17. TR/Drop.FunWeb.A oder weiteres :|
    Plagegeister aller Art und deren Bekämpfung - 09.12.2004 (4)

Zum Thema weiteres Facebookopfer :-( - Ihr seht es schon am Titel. Auch mir ist es passiert, dass ich einen Link ohne zu überlegen angeklickt habe, obwohl ich sonst eigtl. eher vorsichtig bin bei solchen Sachen. - weiteres Facebookopfer :-(...
Archiv
Du betrachtest: weiteres Facebookopfer :-( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.