Facebookvirus: Ordner auf ext. Festplatte u. MP3-Player werden nur noch als Verknüpfungen angezeigt

kaliman · 15.11.2011, 22:22

Hallo zusammen,

ich bräuchte euren Spezialistenrat weil ich mit meinem Latein am Ende bin.
Seit ich eine Verknüpfung zu einem Facebook-Fotoalbum angeklickt habe, werden meine Dateien auf dem MP3-Player und meiner ext. Festplatte nur noch als Vernüpfungen angezeigt. (Es war natürlich eine .exe. Da diese aber von einem Kumpel über Skype verschickt wurde, hab ich nicht groß drüber nachgedacht). Was mir aber am meißten sorgen bereitet, dass meine ext. Backup-Platte auch davon betroffen sein könnte. Die Platte war ausgesteckt, als mich meine Frau auf das Problem hingewiesen hat. Seitdem hab ich die Platte nicht mehr eingesteckt.

Folgendes habe ich bereits getan:

1. Scan mit Malwarebytes. Wurde auch was gefunden, Ordner werden aber immer noch als Verknüfungen angezeigt. Alle bisher durchgeführten Scan-Logs findet ihr im Anhang.

2. Scan mit Eset durchgeführt. Hier die Logfile:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e5b7fa9ee77b9d48820b322b718f0e55
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 08:20:24
# local_time=2011-11-15 09:20:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 359708 57912427 162865 0
# compatibility_mode=5893 16776574 100 94 11847333 73011755 0 0
# compatibility_mode=8192 67108863 100 0 3814 3814 0 0
# scanned=152146
# found=5
# cleaned=0
# scan_time=7859
C:\Users\...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4890b46a-56110ff9 a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\20c0d.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
G:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\manoy.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I

Eine Frage noch zum Schluss. Sollte sich das Problem mit den Verknüpfungen in den Griff kriegen lassen, was passiert dann wenn ich meine Backup-Platte anschließe die vielleicht ebenfalls betroffen ist. Muss ich dann nochmals von vorne anfangen, oder hängt die falsche Darstellung der Ordner nur mit dem System zusammen?

Vielen Dank schonmal für eure Hilfe.

cosinus · 16.11.2011, 11:00

Lass dir zuerst mal alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...-sichtbar.html
Danach sollte auch alle Ordner wieder angezeigt werden - halbtransparent, da sie noch die Atrribute "versteckt" und "system" tragen

Starte anschließend die Eingabeaufforderung über Start, Alle Programme, Zubehör

Musst in der Eingabeauforderung jeweils für jeden versteckten Ordner diesen Befehl ausführen:

Code:

ATTFilter

attrib -s -h "x:\ordner" /s /d

x: => Muss angepasst werden, den passenden Buchstaben verwenden
"ordner" muss dann der jew. richtige Ordnername sein

Vgl. diesen Strang => http://www.trojaner-board.de/102950-...traeger-2.html

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

kaliman · 16.11.2011, 19:27

Hallo cosinus,

Erstmal vielen Dank für deine Hilfe! Hab deine Ratschläge versucht zu befolgen. Die meißten Ordner waren auf den ersten Blick alle sichtbar. Hab trotzdem die Ordneroption entsprechend eingestellt.

Den Scan mit OTL habe ich wie beschrieben durchgeführt. Allerdings war dabei nur eine der Festplatten angeschlossen. Meine andere Platte hab ich wie gesagt noch nicht eingesteckt, da ich mir nicht sicher bin ob die Platte auch betroffen ist. Was würdest du vorschlagen?

Hier schonmal das Logfile:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.11.2011 18:51:49 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chris\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 46,80% Memory free
3,00 Gb Paging File | 1,75 Gb Available in Paging File | 58,46% Paging File free
Paging file location(s): d:\pagefile.sys 0 0f:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 25,24 Gb Total Space | 1,09 Gb Free Space | 4,34% Space Free | Partition Type: NTFS
Drive D: | 49,28 Gb Total Space | 2,00 Gb Free Space | 4,06% Space Free | Partition Type: NTFS
Drive E: | 594,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 465,76 Gb Total Space | 436,18 Gb Free Space | 93,65% Space Free | Partition Type: NTFS
 
Computer Name: chris-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.16 18:47:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.11.03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.11.03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.10.31 13:44:49 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.09.12 08:58:19 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.25 11:41:48 | 000,433,360 | ---- | M] (Sony Ericsson) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011.07.03 10:56:04 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.03 10:56:03 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- D:\Programme\Logitec\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.07.08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Pure Networks\Network Magic\nmapp.exe
PRC - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.12.17 10:55:44 | 000,660,136 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmon.exe
PRC - [2007.12.17 10:55:41 | 000,025,256 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmsdmon.exe
PRC - [2007.12.05 10:18:59 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
PRC - [2007.12.05 10:18:53 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
PRC - [1998.05.29 00:00:00 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.16 08:57:33 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.16 08:55:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.16 08:54:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.16 08:54:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.16 08:53:38 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.16 08:50:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.10.05 12:57:36 | 000,204,800 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010.12.13 10:58:50 | 000,047,616 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:44 | 000,536,576 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PhoneUpdate.dll
MOD - [2010.03.18 15:55:52 | 000,233,472 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\Report.dll
MOD - [2010.01.28 12:59:50 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\VObject.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- D:\Programme\Logitec\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009.07.13 16:37:04 | 000,152,112 | ---- | M] () -- C:\Programme\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009.07.13 16:37:04 | 000,098,304 | ---- | M] () -- C:\Programme\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2007.12.17 10:55:44 | 000,660,136 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmon.exe
MOD - [2007.12.17 10:55:41 | 000,025,256 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnmsdmon.exe
MOD - [2007.12.07 22:36:27 | 000,036,864 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.monitor.core.dll
MOD - [2007.12.07 22:36:27 | 000,028,672 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.monitor.common.dll
MOD - [2007.12.07 22:35:14 | 000,061,440 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007.11.22 17:55:48 | 000,011,776 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007.11.21 01:02:39 | 000,782,336 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdndrs.dll
MOD - [2007.11.21 01:02:02 | 000,380,928 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdnscw.dll
MOD - [2007.11.21 00:44:48 | 000,081,920 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdncaps.dll
MOD - [2007.10.02 23:51:09 | 000,069,632 | ---- | M] () -- C:\Programme\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007.05.29 16:39:08 | 000,589,824 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdndatr.dll
MOD - [2007.03.26 16:39:35 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdncats.dll
MOD - [2005.10.19 10:56:28 | 000,125,952 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.11.03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.09.12 08:58:19 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.03 10:56:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.26 15:15:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.07.16 16:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007.12.05 10:18:59 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2007.12.05 10:18:53 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007.01.24 11:21:24 | 000,375,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.01.24 11:21:14 | 000,177,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.11.03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.03 10:56:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 10:56:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.03.24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.11.21 10:34:09 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.11.21 10:34:09 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\WinUSB.SYS -- (WINUSB)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.07 13:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009.07.07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009.05.22 14:03:02 | 001,872,320 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.07.26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006.10.09 20:55:00 | 004,428,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 F7 7D 56 42 16 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Mozilla Firefox\components [2011.10.31 16:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.10.31 16:24:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Mozilla Firefox\components [2011.10.31 16:24:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Mozilla Firefox\plugins [2011.10.31 16:24:57 | 000,000,000 | ---D | M]
 
[2010.09.18 13:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Extensions
[2011.10.31 16:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\e2vvuoy2.default\extensions
[2011.09.17 08:59:42 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\e2vvuoy2.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011.10.31 16:58:54 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\e2vvuoy2.default\extensions\collector@broceliand.fr
[2011.10.26 19:04:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.10.26 19:05:00 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2011.11.12 10:32:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [AndroidSync] C:\Program Files\Android-Sync (PRE-ALPHA)\Android-Sync.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] D:\Programme\Logitec\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Hqyuyb] C:\Users\chris\AppData\Roaming\Hqyuyb.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A993DED-CA92-420F-8FEE-AAC0ABBA6759}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{865FC232-E737-4AEE-BFCD-F5F2AA7F4B89}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC3F8E50-CE22-497F-A7C1-D6EAE4CC3805}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB28A2D2-A048-445A-BFD6-E5D6C582C2B2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998.04.25 03:19:49 | 000,000,036 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.11.13 22:36:14 | 000,000,000 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a1cee434-95d5-11df-a632-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a1cee434-95d5-11df-a632-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998.07.07 17:50:03 | 000,550,912 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.16 18:47:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011.11.15 19:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.15 19:04:57 | 002,322,184 | ---- | C] (ESET) -- C:\Users\chris\Desktop\esetsmartinstaller_enu.exe
[2011.11.14 22:41:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.11.14 22:34:06 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\chris\Desktop\tdsskiller.exe
[2011.11.13 23:41:53 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Malwarebytes
[2011.11.13 23:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.13 23:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.13 23:41:29 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.13 23:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.12 15:22:30 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind
[2011.11.12 15:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2011.11.12 10:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.08 17:06:23 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.11.08 17:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.11.08 17:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.11.01 09:26:40 | 000,000,000 | ---D | C] -- C:\Meine Installationen
[2011.11.01 09:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 6.0
[2011.10.31 22:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Developer Network
[2011.10.31 22:00:56 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
[2011.10.31 22:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011.10.31 21:57:15 | 000,000,000 | ---D | C] -- C:\Windows\msapps
[2011.10.31 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011.10.31 21:45:26 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2011.10.31 16:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.10.31 15:37:09 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Desktop Dokus
[2011.10.31 13:01:31 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\IObit
[2011.10.31 13:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011.10.27 17:56:30 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Projekt EPlan
[2011.10.26 19:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.10.26 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2010.07.26 14:04:01 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2010.07.26 14:04:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
[2010.07.26 14:04:00 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
[2010.07.26 14:04:00 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
[2010.07.26 14:04:00 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
[2010.07.26 14:04:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
[2010.07.26 14:03:59 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
[2010.07.26 14:03:59 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
[2010.07.26 14:03:58 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
[2010.07.26 14:03:58 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnih.exe
[2010.07.26 14:03:57 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
[2010.07.26 14:03:57 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdncoms.exe
[2010.07.26 14:03:57 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
[2010.07.26 14:03:57 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdncfg.exe
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.16 18:47:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011.11.16 18:36:10 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2202561733-2989273124-513295077-1001Core.job
[2011.11.16 18:36:09 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2202561733-2989273124-513295077-1001UA.job
[2011.11.16 16:34:46 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 16:34:46 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 16:25:53 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.11.16 16:25:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.16 16:25:26 | 1207,017,472 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 19:04:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\chris\Desktop\esetsmartinstaller_enu.exe
[2011.11.15 18:59:25 | 000,003,439 | ---- | M] () -- C:\Users\chris\Desktop\mbam-log.zip
[2011.11.15 17:08:47 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.11.15 17:08:47 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.11.14 22:34:08 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\chris\Desktop\tdsskiller.exe
[2011.11.13 23:41:38 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 23:19:53 | 000,132,597 | ---- | M] () -- C:\Users\chris\Desktop\Flash_Disinfector.exe
[2011.11.13 22:40:55 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.13 22:40:55 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.13 22:40:55 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.13 22:40:55 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.12 15:22:30 | 000,000,663 | ---- | M] () -- C:\Users\chris\Desktop\XMind.lnk
[2011.11.09 16:53:33 | 000,280,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.08 17:12:58 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011.11.08 17:06:25 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.11.01 09:21:09 | 000,000,126 | ---- | M] () -- C:\Windows\mdm.ini
[2011.11.01 09:21:01 | 000,000,660 | ---- | M] () -- C:\Windows\ODBC.INI
[2011.11.01 09:21:01 | 000,000,535 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011.10.31 21:51:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.10.31 21:51:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.10.31 15:39:58 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.16 16:25:53 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.11.15 18:59:34 | 000,003,439 | ---- | C] () -- C:\Users\chris\Desktop\mbam-log.zip
[2011.11.13 23:41:38 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 23:19:53 | 000,132,597 | ---- | C] () -- C:\Users\chris\Desktop\Flash_Disinfector.exe
[2011.11.12 15:22:30 | 000,000,663 | ---- | C] () -- C:\Users\chris\Desktop\XMind.lnk
[2011.11.08 21:00:41 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.11.08 17:06:25 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.11.01 09:26:40 | 000,000,667 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallShield für Microsoft Visual C++ 6.lnk
[2011.10.31 22:02:09 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2011.10.31 22:02:04 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.31 21:51:24 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.10.31 21:51:24 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.10.31 21:45:31 | 000,007,311 | ---- | C] () -- C:\Windows\System32\javasup.vxd
[2011.10.31 21:45:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011.10.31 21:45:17 | 000,000,113 | ---- | C] () -- C:\Windows\System32\zonedon.reg
[2011.10.31 21:45:17 | 000,000,113 | ---- | C] () -- C:\Windows\System32\zonedoff.reg
[2011.05.29 18:41:14 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.05.29 18:41:13 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.05.29 18:41:13 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.05.29 18:41:13 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.05.29 18:41:13 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.05.02 06:20:08 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.02 06:20:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.30 12:26:37 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.04.09 15:44:31 | 000,004,608 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 17:17:22 | 000,000,018 | ---- | C] () -- C:\Users\chris\AppData\Roaming\sys386ll.dat
[2010.08.15 16:03:57 | 000,000,005 | ---- | C] () -- C:\Users\chris\AppData\Roaming\hhxprot5
[2010.08.05 13:19:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.07.26 16:41:40 | 000,000,660 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.07.26 14:08:23 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
[2010.07.26 14:04:13 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdnrwrd.ini
[2010.07.26 14:04:01 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2010.07.26 14:03:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
[2010.07.23 08:42:15 | 000,552,960 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2010.07.23 08:42:15 | 000,000,082 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.07.23 08:41:45 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.07.23 08:41:45 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010.07.23 08:41:45 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.07.23 08:41:45 | 000,000,621 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.07.23 08:35:22 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.07.14 09:47:43 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,280,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2008.07.26 14:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.11.28 18:51:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
[2007.11.21 01:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
[2007.11.21 00:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
[2007.10.02 23:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1998.12.06 16:56:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\verinst.exe
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
[1998.05.18 00:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
[1998.04.24 00:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI
 
========== LOP Check ==========
 
[2010.09.26 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\10-Sekunden-Haushaltsbuch
[2010.10.14 08:53:37 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\calibre
[2010.09.18 14:54:05 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FreeFLVConverter
[2011.11.12 09:41:16 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\go
[2011.05.08 18:18:15 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Gutscheinmieze
[2011.10.31 13:01:31 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\IObit
[2010.11.21 17:16:48 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Leadertech
[2010.08.05 12:25:01 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Lexmark Productivity Studio
[2011.04.28 18:11:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Opera
[2011.01.31 11:46:53 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Programme
[2011.01.08 21:58:52 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\uTorrent
[2011.11.16 16:25:53 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.09.07 14:35:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.26 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\10-Sekunden-Haushaltsbuch
[2010.07.25 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Adobe
[2011.07.02 12:03:26 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Avira
[2010.10.14 08:53:37 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\calibre
[2011.01.11 02:09:26 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\DivX
[2010.09.18 14:54:05 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FreeFLVConverter
[2011.11.12 09:41:16 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\go
[2010.11.02 01:09:28 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\GRETECH
[2011.05.08 18:18:15 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Gutscheinmieze
[2010.07.22 22:27:01 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Identities
[2011.10.31 13:01:31 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\IObit
[2010.11.21 17:16:48 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Leadertech
[2010.08.05 12:25:01 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Lexmark Productivity Studio
[2010.07.22 23:56:51 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Macromedia
[2011.11.13 23:41:53 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Media Center Programs
[2011.10.31 13:38:14 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Media Player Classic
[2011.10.31 22:02:09 | 000,000,000 | --SD | M] -- C:\Users\chris\AppData\Roaming\Microsoft
[2011.11.06 13:58:44 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Mozilla
[2011.04.28 18:11:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Opera
[2011.01.31 11:46:53 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Programme
[2011.11.16 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Skype
[2011.05.29 07:08:28 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\skypePM
[2011.01.08 21:58:52 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\uTorrent
[2011.11.12 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.10.31 13:50:11 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.10.31 13:50:11 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.10.31 13:50:11 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.10.31 13:50:12 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.10.31 13:50:11 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.10.31 13:50:12 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.10.31 13:50:11 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.10.31 13:50:11 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.10.31 13:50:11 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.10.31 13:50:12 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.10.31 13:50:11 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.10.31 13:50:12 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus · 16.11.2011, 20:39

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 F7 7D 56 42 16 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.7
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.7
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
[2011.09.17 08:59:42 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\e2vvuoy2.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011.10.31 16:58:54 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\e2vvuoy2.default\extensions\collector@broceliand.fr
[2011.10.26 19:04:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.10.26 19:05:00 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Hqyuyb] C:\Users\chris\AppData\Roaming\Hqyuyb.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998.04.25 03:19:49 | 000,000,036 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011.11.13 22:36:14 | 000,000,000 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a1cee434-95d5-11df-a632-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a1cee434-95d5-11df-a632-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998.07.07 17:50:03 | 000,550,912 | R--- | M] (Microsoft Corporation)
[2011.10.26 19:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.10.26 19:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

kaliman · 16.11.2011, 22:47

Hallo cosinus,

habe OTL mit dem entsprechenden Text gestartet. Leider ist das Problem mit den Verknüpfungen noch vorhanden.

Das Log-File sieht wie folgt aus:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "chr-tree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: pdfforge@mybrowserbar.com:4.7 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.7 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" removed from keyword.URL
Folder C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\e2vvuoy2.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}\ not found.
Folder C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\e2vvuoy2.default\extensions\collector@broceliand.fr\ not found.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Hqyuyb deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
G:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1cee434-95d5-11df-a632-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1cee434-95d5-11df-a632-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1cee434-95d5-11df-a632-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1cee434-95d5-11df-a632-806e6f6e6963}\ not found.
File move failed. E:\SETUP.EXE scheduled to be moved on reboot.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\4.7 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 86081728 bytes
->Temporary Internet Files folder emptied: 11155219 bytes
->Java cache emptied: 6640300 bytes
->FireFox cache emptied: 50649449 bytes
->Opera cache emptied: 17173868 bytes
->Flash cache emptied: 42509 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1374904 bytes
RecycleBin emptied: 3780935694 bytes

Total Files Cleaned = 3.771,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11162011_223456

Files\Folders moved on Reboot...
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. E:\SETUP.EXE scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 17.11.2011, 09:12

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

kaliman · 17.11.2011, 19:42

So, komme leider erst jetzt dazu mich wieder mit dem Thema zu befassen.

Den Scan hab ich durchgeführt. Logfile findest du wie folgt:

19:22:02.0940 0880 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
19:22:03.0249 0880 ============================================================
19:22:03.0249 0880 Current date / time: 2011/11/17 19:22:03.0249
19:22:03.0249 0880 SystemInfo:
19:22:03.0249 0880
19:22:03.0249 0880 OS Version: 6.1.7601 ServicePack: 1.0
19:22:03.0249 0880 Product type: Workstation
19:22:03.0249 0880 ComputerName: CHRISTOPHER-PC
19:22:03.0249 0880 UserName: Christopher
19:22:03.0249 0880 Windows directory: C:\Windows
19:22:03.0249 0880 System windows directory: C:\Windows
19:22:03.0249 0880 Processor architecture: Intel x86
19:22:03.0249 0880 Number of processors: 2
19:22:03.0249 0880 Page size: 0x1000
19:22:03.0249 0880 Boot type: Normal boot
19:22:03.0249 0880 ============================================================
19:22:04.0350 0880 Initialize success
19:22:51.0698 2980 ============================================================
19:22:51.0698 2980 Scan started
19:22:51.0698 2980 Mode: Manual; SigCheck; TDLFS;
19:22:51.0698 2980 ============================================================
19:22:53.0907 2980 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:22:54.0155 2980 1394ohci - ok
19:22:54.0336 2980 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:22:54.0370 2980 ACPI - ok
19:22:54.0526 2980 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:22:54.0643 2980 AcpiPmi - ok
19:22:54.0797 2980 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:22:54.0844 2980 adp94xx - ok
19:22:55.0000 2980 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:22:55.0073 2980 adpahci - ok
19:22:55.0223 2980 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:22:55.0249 2980 adpu320 - ok
19:22:55.0426 2980 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:22:55.0514 2980 AFD - ok
19:22:55.0657 2980 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:22:55.0684 2980 agp440 - ok
19:22:55.0827 2980 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:22:55.0850 2980 aic78xx - ok
19:22:56.0012 2980 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:22:56.0036 2980 aliide - ok
19:22:56.0202 2980 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:22:56.0229 2980 amdagp - ok
19:22:56.0352 2980 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:22:56.0372 2980 amdide - ok
19:22:56.0500 2980 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:22:56.0586 2980 AmdK8 - ok
19:22:56.0717 2980 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:22:56.0760 2980 AmdPPM - ok
19:22:56.0907 2980 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:22:56.0932 2980 amdsata - ok
19:22:57.0077 2980 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:22:57.0122 2980 amdsbs - ok
19:22:57.0243 2980 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:22:57.0266 2980 amdxata - ok
19:22:57.0459 2980 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:22:57.0670 2980 AppID - ok
19:22:57.0836 2980 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:22:57.0860 2980 arc - ok
19:22:57.0995 2980 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:22:58.0018 2980 arcsas - ok
19:22:58.0155 2980 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:22:58.0305 2980 AsyncMac - ok
19:22:58.0426 2980 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:22:58.0448 2980 atapi - ok
19:22:58.0625 2980 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:22:58.0674 2980 avgntflt - ok
19:22:58.0817 2980 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:22:58.0840 2980 avipbb - ok
19:22:59.0028 2980 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:22:59.0155 2980 b06bdrv - ok
19:22:59.0352 2980 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:22:59.0458 2980 b57nd60x - ok
19:22:59.0594 2980 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:22:59.0668 2980 Beep - ok
19:22:59.0815 2980 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:22:59.0856 2980 blbdrive - ok
19:23:00.0002 2980 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:23:00.0077 2980 bowser - ok
19:23:00.0206 2980 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:23:00.0299 2980 BrFiltLo - ok
19:23:00.0426 2980 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:23:00.0481 2980 BrFiltUp - ok
19:23:00.0637 2980 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:23:00.0733 2980 Brserid - ok
19:23:00.0854 2980 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:23:00.0901 2980 BrSerWdm - ok
19:23:01.0041 2980 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:23:01.0118 2980 BrUsbMdm - ok
19:23:01.0243 2980 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:23:01.0284 2980 BrUsbSer - ok
19:23:01.0411 2980 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:23:01.0458 2980 BTHMODEM - ok
19:23:01.0620 2980 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:23:01.0682 2980 cdfs - ok
19:23:01.0842 2980 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:23:01.0885 2980 cdrom - ok
19:23:02.0034 2980 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:23:02.0081 2980 circlass - ok
19:23:02.0198 2980 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:23:02.0229 2980 CLFS - ok
19:23:02.0393 2980 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:23:02.0420 2980 CmBatt - ok
19:23:02.0545 2980 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:23:02.0569 2980 cmdide - ok
19:23:02.0795 2980 cmuda3 (2f2b02c025538cdd2e2d7155b3150602) C:\Windows\system32\drivers\cmudax3.sys
19:23:02.0922 2980 cmuda3 ( UnsignedFile.Multi.Generic ) - warning
19:23:02.0922 2980 cmuda3 - detected UnsignedFile.Multi.Generic (1)
19:23:03.0102 2980 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:23:03.0182 2980 CNG - ok
19:23:03.0323 2980 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:23:03.0360 2980 Compbatt - ok
19:23:03.0504 2980 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:23:03.0581 2980 CompositeBus - ok
19:23:03.0750 2980 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:23:03.0795 2980 crcdisk - ok
19:23:04.0008 2980 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:23:04.0104 2980 DfsC - ok
19:23:04.0245 2980 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:23:04.0348 2980 discache - ok
19:23:04.0530 2980 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:23:04.0565 2980 Disk - ok
19:23:04.0797 2980 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:23:04.0856 2980 drmkaud - ok
19:23:05.0026 2980 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:23:05.0118 2980 DXGKrnl - ok
19:23:05.0389 2980 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:23:05.0553 2980 ebdrv - ok
19:23:05.0729 2980 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:23:05.0772 2980 elxstor - ok
19:23:05.0877 2980 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
19:23:05.0913 2980 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
19:23:05.0913 2980 epmntdrv - detected UnsignedFile.Multi.Generic (1)
19:23:06.0057 2980 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:23:06.0104 2980 ErrDev - ok
19:23:06.0229 2980 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
19:23:06.0252 2980 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
19:23:06.0252 2980 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
19:23:06.0409 2980 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:23:06.0469 2980 exfat - ok
19:23:06.0616 2980 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:23:06.0676 2980 fastfat - ok
19:23:06.0834 2980 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:23:06.0877 2980 fdc - ok
19:23:07.0028 2980 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:23:07.0069 2980 FileInfo - ok
19:23:07.0186 2980 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:23:07.0254 2980 Filetrace - ok
19:23:07.0395 2980 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:23:07.0422 2980 flpydisk - ok
19:23:07.0579 2980 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:23:07.0614 2980 FltMgr - ok
19:23:07.0758 2980 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:23:07.0780 2980 FsDepends - ok
19:23:07.0915 2980 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:23:07.0936 2980 Fs_Rec - ok
19:23:08.0084 2980 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:23:08.0124 2980 fvevol - ok
19:23:08.0272 2980 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:23:08.0297 2980 gagp30kx - ok
19:23:08.0467 2980 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
19:23:08.0485 2980 ggflt - ok
19:23:08.0629 2980 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
19:23:08.0649 2980 ggsemc - ok
19:23:08.0827 2980 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:23:08.0913 2980 hcw85cir - ok
19:23:09.0049 2980 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:23:09.0118 2980 HDAudBus - ok
19:23:09.0247 2980 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:23:09.0274 2980 HidBatt - ok
19:23:09.0401 2980 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:23:09.0450 2980 HidBth - ok
19:23:09.0643 2980 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:23:09.0735 2980 HidIr - ok
19:23:09.0971 2980 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:23:10.0000 2980 HidUsb - ok
19:23:10.0194 2980 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:23:10.0217 2980 HpSAMD - ok
19:23:10.0387 2980 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:23:10.0469 2980 HTTP - ok
19:23:10.0604 2980 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:23:10.0625 2980 hwpolicy - ok
19:23:10.0760 2980 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:23:10.0803 2980 i8042prt - ok
19:23:10.0987 2980 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:23:11.0032 2980 iaStorV - ok
19:23:11.0188 2980 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:23:11.0213 2980 iirsp - ok
19:23:11.0366 2980 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:23:11.0409 2980 intelide - ok
19:23:11.0563 2980 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:23:11.0622 2980 intelppm - ok
19:23:11.0780 2980 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:23:11.0836 2980 IpFilterDriver - ok
19:23:11.0995 2980 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:23:12.0034 2980 IPMIDRV - ok
19:23:12.0165 2980 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:23:12.0241 2980 IPNAT - ok
19:23:12.0387 2980 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:23:12.0477 2980 IRENUM - ok
19:23:12.0625 2980 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:23:12.0723 2980 isapnp - ok
19:23:12.0905 2980 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:23:12.0975 2980 iScsiPrt - ok
19:23:13.0180 2980 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:23:13.0204 2980 kbdclass - ok
19:23:13.0360 2980 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:23:13.0403 2980 kbdhid - ok
19:23:13.0549 2980 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
19:23:13.0573 2980 KSecDD - ok
19:23:13.0737 2980 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
19:23:13.0762 2980 KSecPkg - ok
19:23:13.0907 2980 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:23:13.0930 2980 Lavasoft Kernexplorer - ok
19:23:14.0077 2980 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
19:23:14.0098 2980 Lbd - ok
19:23:14.0239 2980 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:23:14.0315 2980 lltdio - ok
19:23:14.0499 2980 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:23:14.0553 2980 LSI_FC - ok
19:23:14.0700 2980 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:23:14.0725 2980 LSI_SAS - ok
19:23:14.0911 2980 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:23:14.0938 2980 LSI_SAS2 - ok
19:23:15.0133 2980 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:23:15.0165 2980 LSI_SCSI - ok
19:23:15.0315 2980 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:23:15.0377 2980 luafv - ok
19:23:15.0530 2980 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
19:23:15.0553 2980 LVPr2Mon - ok
19:23:15.0747 2980 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\Windows\system32\DRIVERS\lvrs.sys
19:23:15.0790 2980 LVRS - ok
19:23:15.0967 2980 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\Windows\system32\drivers\LVUSBSta.sys
19:23:15.0991 2980 LVUSBSta - ok
19:23:16.0172 2980 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
19:23:16.0194 2980 MBAMProtector - ok
19:23:16.0333 2980 MBAMSwissArmy - ok
19:23:16.0458 2980 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:23:16.0479 2980 megasas - ok
19:23:16.0637 2980 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:23:16.0670 2980 MegaSR - ok
19:23:16.0809 2980 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:23:16.0874 2980 Modem - ok
19:23:17.0034 2980 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:23:17.0096 2980 monitor - ok
19:23:17.0256 2980 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:23:17.0282 2980 mouclass - ok
19:23:17.0448 2980 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:23:17.0493 2980 mouhid - ok
19:23:17.0629 2980 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:23:17.0653 2980 mountmgr - ok
19:23:17.0827 2980 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:23:17.0854 2980 mpio - ok
19:23:17.0983 2980 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:23:18.0057 2980 mpsdrv - ok
19:23:18.0213 2980 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:23:18.0286 2980 MRxDAV - ok
19:23:18.0413 2980 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:23:18.0504 2980 mrxsmb - ok
19:23:18.0647 2980 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:23:18.0690 2980 mrxsmb10 - ok
19:23:18.0827 2980 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:23:18.0872 2980 mrxsmb20 - ok
19:23:18.0993 2980 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:23:19.0020 2980 msahci - ok
19:23:19.0161 2980 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:23:19.0190 2980 msdsm - ok
19:23:19.0342 2980 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:23:19.0393 2980 Msfs - ok
19:23:19.0504 2980 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:23:19.0561 2980 mshidkmdf - ok
19:23:19.0694 2980 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:23:19.0715 2980 msisadrv - ok
19:23:19.0887 2980 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:23:19.0946 2980 MSKSSRV - ok
19:23:20.0077 2980 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:23:20.0165 2980 MSPCLOCK - ok
19:23:20.0352 2980 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:23:20.0415 2980 MSPQM - ok
19:23:20.0516 2980 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:23:20.0547 2980 MsRPC - ok
19:23:20.0655 2980 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:23:20.0676 2980 mssmbios - ok
19:23:20.0829 2980 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:23:20.0883 2980 MSTEE - ok
19:23:21.0004 2980 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:23:21.0161 2980 MTConfig - ok
19:23:21.0313 2980 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:23:21.0350 2980 Mup - ok
19:23:21.0538 2980 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:23:21.0618 2980 NativeWifiP - ok
19:23:21.0793 2980 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:23:21.0848 2980 NDIS - ok
19:23:21.0995 2980 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:23:22.0041 2980 NdisCap - ok
19:23:22.0184 2980 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:23:22.0249 2980 NdisTapi - ok
19:23:22.0391 2980 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:22.0463 2980 Ndisuio - ok
19:23:22.0610 2980 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:22.0670 2980 NdisWan - ok
19:23:22.0856 2980 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:23:22.0918 2980 NDProxy - ok
19:23:23.0168 2980 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:23:23.0270 2980 NetBIOS - ok
19:23:23.0499 2980 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:23:23.0584 2980 NetBT - ok
19:23:23.0979 2980 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
19:23:24.0057 2980 netr73 - ok
19:23:24.0418 2980 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:23:24.0473 2980 nfrd960 - ok
19:23:24.0688 2980 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:23:24.0782 2980 Npfs - ok
19:23:25.0024 2980 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:23:25.0250 2980 nsiproxy - ok
19:23:25.0459 2980 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:23:25.0543 2980 Ntfs - ok
19:23:25.0702 2980 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:23:25.0762 2980 Null - ok
19:23:26.0114 2980 nvlddmkm (d37174e8014da46be1a81e7b02237ac0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:23:26.0381 2980 nvlddmkm - ok
19:23:26.0524 2980 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:23:26.0551 2980 nvraid - ok
19:23:26.0678 2980 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:23:26.0706 2980 nvstor - ok
19:23:26.0840 2980 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:23:26.0864 2980 nv_agp - ok
19:23:26.0993 2980 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:23:27.0043 2980 ohci1394 - ok
19:23:27.0215 2980 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:23:27.0258 2980 Parport - ok
19:23:27.0477 2980 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:23:27.0516 2980 partmgr - ok
19:23:27.0883 2980 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:23:27.0958 2980 Parvdm - ok
19:23:28.0139 2980 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:23:28.0178 2980 pci - ok
19:23:28.0530 2980 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:23:28.0569 2980 pciide - ok
19:23:28.0727 2980 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:23:28.0764 2980 pcmcia - ok
19:23:29.0055 2980 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:23:29.0206 2980 pcw - ok
19:23:29.0461 2980 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:23:29.0571 2980 PEAUTH - ok
19:23:29.0868 2980 pepifilter (a05f0d7419cf4680eedd5736e6549e7b) C:\Windows\system32\DRIVERS\lv302af.sys
19:23:29.0895 2980 pepifilter - ok
19:23:30.0745 2980 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\Windows\system32\DRIVERS\LV302V32.SYS
19:23:30.0942 2980 PID_PEPI - ok
19:23:31.0252 2980 pnarp (8092d881311b313c99099870f663f888) C:\Windows\system32\DRIVERS\pnarp.sys
19:23:31.0272 2980 pnarp - ok
19:23:31.0446 2980 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:23:31.0506 2980 PptpMiniport - ok
19:23:31.0627 2980 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:23:31.0668 2980 Processor - ok
19:23:31.0831 2980 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:23:31.0899 2980 Psched - ok
19:23:32.0040 2980 purendis (9715050608550825b23507213cae0208) C:\Windows\system32\DRIVERS\purendis.sys
19:23:32.0057 2980 purendis - ok
19:23:32.0241 2980 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:23:32.0319 2980 ql2300 - ok
19:23:32.0459 2980 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:23:32.0487 2980 ql40xx - ok
19:23:32.0680 2980 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:23:32.0717 2980 QWAVEdrv - ok
19:23:32.0877 2980 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:23:32.0965 2980 RasAcd - ok
19:23:33.0168 2980 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:23:33.0233 2980 RasAgileVpn - ok
19:23:33.0377 2980 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:23:33.0438 2980 Rasl2tp - ok
19:23:33.0575 2980 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:23:33.0645 2980 RasPppoe - ok
19:23:33.0801 2980 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:23:33.0883 2980 RasSstp - ok
19:23:34.0026 2980 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:23:34.0090 2980 rdbss - ok
19:23:34.0249 2980 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:23:34.0293 2980 rdpbus - ok
19:23:34.0426 2980 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:23:34.0483 2980 RDPCDD - ok
19:23:34.0625 2980 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:23:34.0678 2980 RDPENCDD - ok
19:23:34.0875 2980 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:23:34.0918 2980 RDPREFMP - ok
19:23:35.0092 2980 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:23:35.0209 2980 RDPWD - ok
19:23:35.0383 2980 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:23:35.0430 2980 rdyboost - ok
19:23:35.0618 2980 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:23:35.0690 2980 rspndr - ok
19:23:35.0989 2980 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:23:36.0036 2980 sbp2port - ok
19:23:36.0272 2980 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:23:36.0354 2980 scfilter - ok
19:23:36.0530 2980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:23:36.0596 2980 secdrv - ok
19:23:36.0795 2980 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:23:36.0856 2980 Serenum - ok
19:23:37.0004 2980 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:23:37.0071 2980 Serial - ok
19:23:37.0211 2980 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:23:37.0254 2980 sermouse - ok
19:23:37.0444 2980 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:23:37.0493 2980 sffdisk - ok
19:23:37.0635 2980 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:23:37.0678 2980 sffp_mmc - ok
19:23:37.0836 2980 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:23:37.0887 2980 sffp_sd - ok
19:23:38.0026 2980 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:23:38.0073 2980 sfloppy - ok
19:23:38.0221 2980 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:23:38.0249 2980 sisagp - ok
19:23:38.0413 2980 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:23:38.0450 2980 SiSRaid2 - ok
19:23:38.0651 2980 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:23:38.0676 2980 SiSRaid4 - ok
19:23:38.0819 2980 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:23:38.0893 2980 Smb - ok
19:23:39.0165 2980 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\Windows\system32\drivers\smwdm.sys
19:23:39.0245 2980 smwdm - ok
19:23:39.0586 2980 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:23:39.0618 2980 spldr - ok
19:23:40.0071 2980 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:23:40.0188 2980 srv - ok
19:23:40.0323 2980 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:23:40.0454 2980 srv2 - ok
19:23:40.0633 2980 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:23:40.0686 2980 srvnet - ok
19:23:40.0850 2980 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:23:40.0885 2980 ssmdrv - ok
19:23:41.0112 2980 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:23:41.0157 2980 stexstor - ok
19:23:41.0372 2980 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:23:41.0397 2980 swenum - ok
19:23:41.0709 2980 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:23:41.0809 2980 Tcpip - ok
19:23:42.0086 2980 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:23:42.0143 2980 TCPIP6 - ok
19:23:42.0315 2980 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:23:42.0370 2980 tcpipreg - ok
19:23:42.0528 2980 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:23:42.0583 2980 TDPIPE - ok
19:23:42.0715 2980 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:23:42.0770 2980 TDTCP - ok
19:23:42.0903 2980 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:23:42.0967 2980 tdx - ok
19:23:43.0100 2980 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:23:43.0143 2980 TermDD - ok
19:23:43.0348 2980 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:23:43.0401 2980 tssecsrv - ok
19:23:43.0555 2980 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:23:43.0614 2980 TsUsbFlt - ok
19:23:43.0778 2980 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:23:43.0836 2980 tunnel - ok
19:23:43.0961 2980 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:23:43.0991 2980 uagp35 - ok
19:23:44.0127 2980 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:23:44.0198 2980 udfs - ok
19:23:44.0352 2980 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:23:44.0375 2980 uliagpkx - ok
19:23:44.0520 2980 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:23:44.0557 2980 umbus - ok
19:23:44.0706 2980 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:23:44.0760 2980 UmPass - ok
19:23:44.0959 2980 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:23:45.0020 2980 usbaudio - ok
19:23:45.0221 2980 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:23:45.0276 2980 usbccgp - ok
19:23:45.0415 2980 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:23:45.0465 2980 usbcir - ok
19:23:45.0586 2980 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:23:45.0624 2980 usbehci - ok
19:23:45.0786 2980 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:23:45.0854 2980 usbhub - ok
19:23:45.0987 2980 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
19:23:46.0034 2980 usbohci - ok
19:23:46.0215 2980 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:23:46.0293 2980 usbprint - ok
19:23:46.0440 2980 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:23:46.0530 2980 usbscan - ok
19:23:46.0709 2980 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:23:46.0817 2980 USBSTOR - ok
19:23:46.0958 2980 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:23:47.0006 2980 usbuhci - ok
19:23:47.0202 2980 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:23:47.0250 2980 vdrvroot - ok
19:23:47.0416 2980 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:23:47.0502 2980 vga - ok
19:23:47.0653 2980 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:23:47.0747 2980 VgaSave - ok
19:23:47.0924 2980 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:23:47.0954 2980 vhdmp - ok
19:23:48.0116 2980 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:23:48.0137 2980 viaagp - ok
19:23:48.0272 2980 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:23:48.0309 2980 ViaC7 - ok
19:23:48.0442 2980 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:23:48.0463 2980 viaide - ok
19:23:48.0608 2980 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:23:48.0651 2980 volmgr - ok
19:23:48.0819 2980 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:23:48.0901 2980 volmgrx - ok
19:23:49.0071 2980 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:23:49.0143 2980 volsnap - ok
19:23:49.0354 2980 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:23:49.0387 2980 vsmraid - ok
19:23:49.0538 2980 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:23:49.0592 2980 vwifibus - ok
19:23:49.0776 2980 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:23:49.0821 2980 vwififlt - ok
19:23:50.0069 2980 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:23:50.0114 2980 WacomPen - ok
19:23:50.0293 2980 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:23:50.0336 2980 WANARP - ok
19:23:50.0346 2980 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:23:50.0395 2980 Wanarpv6 - ok
19:23:50.0614 2980 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:23:50.0635 2980 Wd - ok
19:23:50.0801 2980 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:23:50.0850 2980 Wdf01000 - ok
19:23:51.0059 2980 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:23:51.0227 2980 WfpLwf - ok
19:23:51.0391 2980 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:23:51.0428 2980 WIMMount - ok
19:23:51.0729 2980 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS
19:23:51.0786 2980 WINUSB - ok
19:23:51.0938 2980 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:23:51.0979 2980 WmiAcpi - ok
19:23:52.0127 2980 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:23:52.0182 2980 ws2ifsl - ok
19:23:52.0368 2980 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:23:52.0432 2980 WudfPf - ok
19:23:52.0643 2980 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:23:52.0688 2980 WUDFRd - ok
19:23:52.0952 2980 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
19:23:53.0038 2980 yukonw7 - ok
19:23:53.0194 2980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:23:53.0311 2980 \Device\Harddisk0\DR0 - ok
19:23:53.0618 2980 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
19:23:53.0936 2980 \Device\Harddisk1\DR1 - ok
19:23:53.0944 2980 Boot (0x1200) (cc8866263a9cf66bdca83834dbcec987) \Device\Harddisk0\DR0\Partition0
19:23:53.0946 2980 \Device\Harddisk0\DR0\Partition0 - ok
19:23:53.0975 2980 Boot (0x1200) (12d18bff93ef87ff288a25bb5ace2337) \Device\Harddisk0\DR0\Partition1
19:23:53.0975 2980 \Device\Harddisk0\DR0\Partition1 - ok
19:23:53.0983 2980 Boot (0x1200) (8e87cdabff68c5f17ec5427278527160) \Device\Harddisk1\DR1\Partition0
19:23:53.0987 2980 \Device\Harddisk1\DR1\Partition0 - ok
19:23:53.0989 2980 ============================================================
19:23:53.0989 2980 Scan finished
19:23:53.0991 2980 ============================================================
19:23:54.0026 2940 Detected object count: 3
19:23:54.0026 2940 Actual detected object count: 3
19:26:39.0225 2940 cmuda3 ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:39.0225 2940 cmuda3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:26:39.0231 2940 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:39.0233 2940 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:26:39.0237 2940 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:26:39.0237 2940 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

Der Stand ist immer noch der alte. Das unhide hat geholfen. Auf der externen Platte ist ein Ordner wieder voll sichtbar. Davor war er transparent.

cosinus · 17.11.2011, 20:23

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

kaliman · 17.11.2011, 23:10

Hallo cosinus,

puh, bin ich erleichtert. Die Daten auf der Festplatte werden wieder in normalen Ordnern angezeigt. Hab den Scan zweimal durchgeführt. Das zweite mal hab ich meinen betroffenen MP3-Player angeschlossen. Der hat zwar wieder eines der Verzeichnisse angezeigt, das war dann allerdings leer. Ist nicht allerdings nicht schlimm. Wichtiger sind waren mir die Daten auf der Festplatte.

Also, vielen Dank an dieser Stelle für deine Hilfe. Ihr leistet wirklich großartiges mit eurer Community.

Nachfolgend findest du das Logfile des zweiten Scan's. Hoffe das üble Zeugs ist nun entfernt.

Macht weiter so, super arbeit!

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-17.03 - Chris 17.11.2011  22:07:00.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1535.403 [GMT 1:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-17 bis 2011-11-17  ))))))))))))))))))))))))))))))
.
.
2011-11-17 21:17 . 2011-11-17 21:22	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2011-11-17 21:17 . 2011-11-17 21:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-16 21:34 . 2011-11-16 21:34	--------	d-----w-	C:\_OTL
2011-11-15 18:05 . 2011-11-15 18:05	--------	d-----w-	c:\program files\ESET
2011-11-14 21:41 . 2011-11-14 21:41	--------	d-----w-	C:\TDSSKiller_Quarantine
2011-11-13 22:41 . 2011-11-13 22:41	--------	d-----w-	c:\users\Chris\AppData\Roaming\Malwarebytes
2011-11-13 22:41 . 2011-11-13 22:41	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-13 22:41 . 2011-11-13 22:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-13 22:41 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-09 05:51 . 2011-09-29 16:03	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:51 . 2011-10-01 04:37	708608	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 05:51 . 2011-09-29 03:37	2341888	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 20:00 . 2011-11-08 16:12	16432	----a-w-	c:\windows\system32\lsdelete.exe
2011-11-08 16:06 . 2011-11-03 11:06	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-11-08 16:06 . 2011-11-08 16:06	--------	d-----w-	c:\program files\Lavasoft
2011-11-01 08:26 . 2011-11-01 08:26	--------	d-----w-	C:\Meine Installationen
2011-11-01 08:26 . 1997-12-10 13:30	141824	----a-w-	c:\windows\system32\isdbgi51.dll
2011-11-01 08:19 . 1998-05-15 14:57	93456	----a-r-	c:\windows\system32\FPWPP.DLL
2011-11-01 08:19 . 1998-05-14 16:30	99008	----a-r-	c:\windows\system32\POSTWPP.DLL
2011-11-01 08:19 . 1998-04-29 16:52	121984	----a-r-	c:\windows\system32\CRSWPP.DLL
2011-11-01 08:19 . 1998-04-29 16:52	98960	----a-r-	c:\windows\system32\FTPWPP.DLL
2011-11-01 08:19 . 1998-04-29 16:52	50816	----a-r-	c:\windows\system32\PIPARSE.DLL
2011-11-01 08:19 . 1998-04-29 16:52	112064	----a-r-	c:\windows\system32\WPWIZDLL.DLL
2011-10-31 21:00 . 2011-11-01 08:19	--------	d-----w-	c:\program files\Web Publish
2011-10-31 20:57 . 2011-10-31 20:57	--------	d-----w-	c:\windows\msapps
2011-10-31 15:47 . 2011-10-31 15:47	--------	d-----w-	c:\program files\Common Files\Java
2011-10-31 12:50 . 2011-10-31 12:50	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-31 12:50 . 2011-10-31 12:50	74240	----a-w-	c:\windows\system32\fsutil.exe
2011-10-31 12:50 . 2011-10-31 12:50	1699328	----a-w-	c:\windows\system32\esent.dll
2011-10-31 12:50 . 2011-10-31 12:50	148864	----a-w-	c:\windows\system32\drivers\storport.sys
2011-10-31 12:50 . 2011-10-31 12:50	1211264	----a-w-	c:\windows\system32\drivers\ntfs.sys
2011-10-31 12:50 . 2011-10-31 12:50	80256	----a-w-	c:\windows\system32\drivers\amdsata.sys
2011-10-31 12:50 . 2011-10-31 12:50	332160	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2011-10-31 12:50 . 2011-10-31 12:50	22400	----a-w-	c:\windows\system32\drivers\amdxata.sys
2011-10-31 12:50 . 2011-10-31 12:50	143744	----a-w-	c:\windows\system32\drivers\nvstor.sys
2011-10-31 12:50 . 2011-10-31 12:50	117120	----a-w-	c:\windows\system32\drivers\nvraid.sys
2011-10-31 12:47 . 2011-10-31 12:47	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2011-10-31 12:46 . 2011-10-31 12:46	27008	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-10-31 12:46 . 2011-10-31 12:46	870912	----a-w-	c:\windows\system32\XpsPrint.dll
2011-10-31 12:45 . 2011-10-31 12:45	31232	----a-w-	c:\windows\system32\prevhost.exe
2011-10-31 12:44 . 2011-10-31 12:44	2616320	----a-w-	c:\windows\explorer.exe
2011-10-31 12:44 . 2011-10-31 12:44	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-10-31 12:44 . 2011-10-31 12:44	805376	----a-w-	c:\windows\system32\FntCache.dll
2011-10-31 12:44 . 2011-10-31 12:44	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-10-31 12:44 . 2011-10-31 12:44	1076736	----a-w-	c:\windows\system32\DWrite.dll
2011-10-31 12:43 . 2011-10-31 12:43	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-10-31 12:01 . 2011-10-31 12:01	--------	d-----w-	c:\users\Chris\AppData\Roaming\IObit
2011-10-31 12:01 . 2011-10-31 12:01	--------	d-----w-	c:\program files\IObit
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 11:53 . 2011-08-07 09:57	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-06 17:57 . 2011-10-06 17:57	255352	----a-w-	c:\windows\system32\awrdscdc.ax
2011-10-03 04:06 . 2010-09-26 20:08	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-01 02:42 . 2011-10-13 16:54	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-08-27 04:26 . 2011-10-13 16:55	233472	----a-w-	c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 16:55	571904	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-20 04:31 . 2011-10-13 16:54	981504	----a-w-	c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-09 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-09 7741440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-09 81920]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2007-12-17 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2007-12-17 16040]
"AndroidSync"="c:\program files\Android-Sync (PRE-ALPHA)\Android-Sync.exe" [2010-08-31 1013760]
"LogitechQuickCamRibbon"="d:\programme\Logitec\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2011-09-12 688648]
R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-11-21 13224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-26 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-12-05 594600]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2007-12-05 98984]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2202561733-2989273124-513295077-1001Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-11 23:05]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2202561733-2989273124-513295077-1001UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-11 23:05]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.0.43.145 217.0.43.129
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\e2vvuoy2.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(692)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\conhost.exe
c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\windows\system32\mdm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-17  22:32:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-17 21:32
ComboFix2.txt  2011-11-17 20:29
.
Vor Suchlauf: 1.227.612.160 Bytes frei
Nach Suchlauf: 1.173.811.200 Bytes frei
.
- - End Of File - - BA2784D858D6AC95CC08F8558CB1EE68

--- --- ---

cosinus · 18.11.2011, 11:22

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

kaliman · 18.11.2011, 21:05

So, hab die Scan's wie beschrieben durchgeführt. Nachfolgend findest du die Logs.

Gruß
Chris

Gmer:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-18 21:00:49
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BB-00DAA3 rev.75.13B75
Running: 9md53c6q.exe; Driver: C:\Users\CHRIS~1\AppData\Local\Temp\kgtiraoc.sys


---- System - GMER 1.0.15 ----

SSDT            8BFE321E                                                                                                                  ZwCreateSection
SSDT            8BFE3223                                                                                                                  ZwSetContextThread
SSDT            8BFE31BF                                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKey + 13CD                                                                                             82C899C9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                    82CA94E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                       82CB085C 4 Bytes  [1E, 32, FE, 8B]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                       82CB0BFC 4 Bytes  [23, 32, FE, 8B]
.text           ntoskrnl.exe!KeRemoveQueueEx + 1937                                                                                       82CB0CD4 4 Bytes  [BF, 31, FE, 8B]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                  section is writeable [0x9003A340, 0x28CEB7, 0xE8000020]
.text           peauth.sys                                                                                                                9894FC9D 28 Bytes  JMP A223E499 
.text           peauth.sys                                                                                                                9894FCC1 28 Bytes  JMP A223E4BD 
?               C:\Users\CHRIST~1\AppData\Local\Temp\aswMBR.sys                                                                           Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3560] USER32.dll!RegisterMessagePumpHook + 2F1  758B8B9E 7 Bytes  JMP 003528D0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3560] USER32.dll!PostMessageW + 43A             758C48B5 7 Bytes  JMP 00352780 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3560] USER32.dll!SetDlgItemTextA + 25           758D709F 7 Bytes  JMP 003528B0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3560] USER32.dll!MessageBoxIndirectA + F5       7590E95E 7 Bytes  JMP 00352920 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3560] USER32.dll!MessageBoxIndirectW + 61       7590E9C4 7 Bytes  JMP 003529F0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3560] USER32.dll!MessageBoxExA + 1F             7590E9E8 7 Bytes  JMP 003529A0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\System32\rundll32.exe[548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                      [754BFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                       [754BFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                     [754BFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[548] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                    [754BFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                           [74212437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                      [741F5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                     [741F56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                            [742124B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                  [74208514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                    [74204CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                   [7420506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                  [74205144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                         [74206671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                   [7420826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                              [742087BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                            [7420901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                  [7420E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                      [74204BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000049                                                                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:20:04 on 18.11.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Opera Software Opera Internet Browser 11.52

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-2202561733-2989273124-513295077-1001Core.job" - "Google Inc." - C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2202561733-2989273124-513295077-1001UA.job" - "Google Inc." - C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Cmcpls3" - "C-Media Corporation" - C:\Windows\System\CMICNFG3.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys  (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{4746C79A-2042-4332-8650-48966E44ABA8} "CPureGoProtoInfo Object" - "Cisco Systems, Inc." - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{D545EBD1-BD92-11CF-8772-00A0C9039735} "Developer Studio Components" - "Microsoft Corporation" - D:\Programme\MSDev98\Bin\IDE\DEVXPGL.DLL
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{33F85093-44BB-4587-B25B-FFD05D5B9916} "Network Magic Ordner" - "Cisco Systems, Inc." - C:\Program Files\Pure Networks\Network Magic\nmspce2.dll
{C55C499D-3518-44a1-998E-796AC5FC989D} "Network Magic Ordner" - "Cisco Systems, Inc." - C:\Program Files\Pure Networks\Network Magic\nmspce2.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{6B19FEC2-A45B-11CF-9045-00A0C9039735} "Registered ActiveX Controls" - "Microsoft Corporation" - D:\Programme\MSDev98\Bin\IDE\DEVXPGL.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Sony Ericsson PC Companion" - "Sony Ericsson" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AndroidSync" - ? - C:\Program Files\Android-Sync (PRE-ALPHA)\Android-Sync.exe -m  (File found, but it contains no detailed information)
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"LogitechQuickCamRibbon" - "Logitech Inc." - "D:\Programme\Logitec\Logitech WebCam Software\LWS.exe" /hide
"lxdnamon" - ? - "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"  (File found, but it contains no detailed information)
"lxdnmon.exe" - ? - "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"nmapp" - "Cisco Systems, Inc." - "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
"nmctxth" - "Cisco Systems, Inc." - "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Windows Mobile-based device management" - "Microsoft Corporation" - %windir%\WindowsMobile\wmdc.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Pure Networks Platform Service" (nmservice) - "Cisco Systems, Inc." - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
"SAMSUNG AllShare Service" (AllShare) - ? - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe  (File found, but it contains no detailed information)
"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
"StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-18 19:54:02
-----------------------------
19:54:02.058 OS Version: Windows 6.1.7601 Service Pack 1
19:54:02.060 Number of processors: 2 586 0x209
19:54:02.062 ComputerName: CHRIS-PC UserName: Chris
19:54:03.312 Initialize success
19:56:24.746 AVAST engine defs: 11111801
19:56:47.123 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:56:47.128 Disk 0 Vendor: WDC_WD800BB-00DAA3 75.13B75 Size: 76319MB BusType: 3
19:56:49.486 Disk 0 MBR read successfully
19:56:49.494 Disk 0 MBR scan
19:56:49.525 Disk 0 Windows 7 default MBR code
19:56:49.802 Disk 0 scanning sectors +156296385
19:56:50.302 Disk 0 scanning C:\Windows\system32\drivers
19:59:00.146 Service scanning
19:59:01.791 Modules scanning
20:00:03.873 Disk 0 trace - called modules:
20:00:03.910 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:00:03.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8571b030]
20:00:03.933 3 CLASSPNP.SYS[88a5159e] -> nt!IofCallDriver -> [0x849ce608]
20:00:03.945 5 ACPI.sys[882393d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85637030]
20:00:04.519 AVAST engine scan C:\Windows
20:00:12.232 AVAST engine scan C:\Windows\system32
20:04:00.726 AVAST engine scan C:\Windows\system32\drivers
20:04:16.611 AVAST engine scan C:\Users\Chris
20:06:30.658 AVAST engine scan C:\ProgramData
20:08:37.994 Scan finished successfully
20:09:30.291 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
20:09:30.304 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

cosinus · 18.11.2011, 21:38

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

kaliman · 19.11.2011, 20:48

Hallo Arne,

so, die letzten Scans sind beendet. Malwarebytes und ESET haben nichts mehr gefunden. SASW hat noch ein paar Cookies gefunden.

Hier die Logdatei:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/19/2011 at 04:09 PM

Application Version : 5.0.1136

Core Rules Database Version : 7965
Trace Rules Database Version: 5777

Scan type : Complete Scan
Total Scan Time : 01:58:57

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 820
Memory threats detected : 0
Registry items scanned : 38352
Registry threats detected : 1
File items scanned : 142401
File threats detected : 18

Adware.Tracking Cookie
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@ad.zanox[1].txt [ /ad.zanox ]
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@adx.chip[2].txt [ /adx.chip ]
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@zanox[1].txt [ /zanox ]
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Cookies\CULKIN0R.txt [ /ads.adk2.com ]
C:\USERS\chris\Cookies\chris@adx.chip[2].txt [ Cookie:chris@adx.chip.de/ ]
C:\USERS\chris\Cookies\chris@ad.zanox[1].txt [ Cookie:chris@ad.zanox.com/ ]
C:\USERS\chris\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\chris@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@IMAGE.MASTERSTATS[1].TXT [ /IMAGE.MASTERSTATS ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@INSIGHTEXPRESSAI[1].TXT [ /INSIGHTEXPRESSAI ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@EYEWONDER[1].TXT [ /EYEWONDER ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@SERVING-SYS[2].TXT [ /SERVING-SYS ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@ADS.ADBRITE[1].TXT [ /ADS.ADBRITE ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@ATDMT[1].TXT [ /ATDMT ]
D:\DATEIEN NEO\TEMP\COOKIES\GUEST@ADBRITE[1].TXT [ /ADBRITE ]

System.BrokenFileAssociation
HKCR\.exe

So wie es aussieht scheint der Rechner entmient zu sein. Vielen Dank nochmal für deine Hilfe. Jetzt bin ich wieder beruhigt.

Zum Schluss hätte ich noch eine Frage aus interesse: Was würdest du als Standard zum Schutz gegen Viren und Co empfehlen? Bin im Augenblick mit AntiVir und Ad-Aware + Windowsfirewall ausgestattet. Ist dieser Schutz ausreichend?

Schönes WE und Grüße
Chris

cosinus · 20.11.2011, 12:48

Bitte trotzdem die anderen Logs posten.

kaliman · 20.11.2011, 19:29

Hi,

hier die sind zwei anderen Logfiles:

ESET-Scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e5b7fa9ee77b9d48820b322b718f0e55
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 08:20:24
# local_time=2011-11-15 09:20:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 359708 57912427 162865 0
# compatibility_mode=5893 16776574 100 94 11847333 73011755 0 0
# compatibility_mode=8192 67108863 100 0 3814 3814 0 0
# scanned=152146
# found=5
# cleaned=0
# scan_time=7859
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4890b46a-56110ff9 a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\20c0d.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
G:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\manoy.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e5b7fa9ee77b9d48820b322b718f0e55
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-19 06:40:47
# local_time=2011-11-19 07:40:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 700351 58253070 260254 0
# compatibility_mode=5893 16776574 100 94 12187976 73352398 0 0
# compatibility_mode=8192 67108863 100 0 344457 344457 0 0
# scanned=150118
# found=1
# cleaned=0
# scan_time=6840
C:\Windows\Installer\20c0d.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I

Scan mit Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8192

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

19.11.2011 12:31:17
mbam-log-2011-11-19 (12-31-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 302895
Laufzeit: 2 Stunde(n), 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

20.11.2011, 12:48	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Facebookvirus: Ordner auf ext. Festplatte u. MP3-Player werden nur noch als Verknüpfungen angezeigt Bitte trotzdem die anderen Logs posten. __________________ Logfiles bitte immer in CODE-Tags posten

Facebookvirus: Ordner auf ext. Festplatte u. MP3-Player werden nur noch als Verknüpfungen angezeigt

Log-Analyse und Auswertung: Facebookvirus: Ordner auf ext. Festplatte u. MP3-Player werden nur noch als Verknüpfungen angezeigt