Trojaner-Board forum thread (Malware removal): Problems with Sirefef.P (Windows 7)
29.12.2011, 12:57   #1
biberbruder

Problems with Sirefef.P

Hello,

for 3 days I've been having problems with the trojan Win32:Sirefef.P.
The first alert came 3 days ago from MSE, whereupon I let MSE carry out the recommended action (remove). After a restart Sirefef.P had disappeared, but instead MSE now showed 3 threats (among them another Sirefef (possibly .S)). After I let MSE apply the recommended settings here too, another warning about a threat appeared after the required restart: Sirefef.P.

I then researched on the net and tried to remove Sirefef.P manually, but the first step would have been to stop the process in Task Manager, where I found no entry.
So I kept researching and quickly came across this forum.
To avert greater damage I took no further removal steps. Instead I downloaded defogger, OTL and gmer32 and ran them according to the given instructions.
defogger and OTL ran without problems; gmer32 only worked after several attempts, the PC kept hanging.

My questions:

Is my system still salvageable?
How should I proceed?
Or is a reinstall called for?

Thanks for your efforts

biberbruder

29.12.2011, 17:55   #2
cosinus

Now please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If there are logs from older Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here


31.12.2011, 10:53   #3
biberbruder

Hello, I had Malwarebytes scan the system; it found and removed several threats:

Code:
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
XXXX :: XXXX-PC [Administrator]

Protection: Enabled

29.12.2011 20:21:01
mbam-log-2011-12-29 (20-21-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330929
Time elapsed: 2 hour(s), 58 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\ProgramData\kbsetup.exe (Trojan.Agent) -> 3668 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kbsetup (Trojan.Agent) -> Data: C:\ProgramData\kbsetup.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kbsetup (Trojan.Agent) -> Data: C:\ProgramData\kbsetup.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|isomob (Trojan.Agent) -> Data: C:\Users\XXXX\AppData\Roaming\isomob.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|isomob (Trojan.Agent) -> Data: C:\Users\XXXX\AppData\Roaming\isomob.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Users\XXXX\Downloads\SoftonicDownloader_fuer_finale-notepad.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\ProgramData\kbsetup.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\XXXX\AppData\Roaming\isomob.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INEKYBMO\7[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\XXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRGP740H\3[1].exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\XXXX\AppData\Local\Temp\E2DE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\XXXX\AppData\Local\Temp\comphost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Delete on reboot.

(end)

After that, though, I couldn't get onto the internet any more, so I did a System Restore as suggested by Win7.
After that I had internet access again and immediately ran ESET:

Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b70e722ff8caf44924be74966fd304d
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-30 02:07:16
# local_time=2011-12-30 03:07:16 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13120258 76884289 0 0
# compatibility_mode=8192 67108863 100 0 35680 35680 0 0
# scanned=4048
# found=0
# cleaned=0
# scan_time=934
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b70e722ff8caf44924be74966fd304d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 01:05:05
# local_time=2011-12-31 02:05:05 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13143637 76907668 0 0
# compatibility_mode=8192 67108863 100 0 59059 59059 0 0
# scanned=216453
# found=3
# cleaned=0
# scan_time=17028
C:\Users\XXXX\AppData\Local\ebb03473\U\800000c0.@	a variant of Win32/Sirefef.CH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\XXXX\Downloads\SoftonicDownloader_for_anvil-studio.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\XXXX\Downloads\SoftonicDownloader_fuer_free-avi-mpeg-wmv-mp4-flv-video-joiner.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b70e722ff8caf44924be74966fd304d
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 05:46:04
# local_time=2011-12-31 06:46:04 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13176961 76940992 0 0
# compatibility_mode=8192 67108863 100 0 92383 92383 0 0
# scanned=4034
# found=0
# cleaned=0
# scan_time=563
         
I even ran this one several times; in between I deleted the files it reported as UNABLE TO CLEAN with Shift+Del.

Am I clean?
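A quick way to answer that question from the two logs themselves, as an added example that is not part of the thread or of either vendor's tooling: the script below pulls every detection line out of a Malwarebytes Anti-Malware 1.x log and an ESET Online Scanner log and lists the ones whose status says the object was not actually removed. It assumes the English Malwarebytes action wording ("Delete on reboot", "No action taken", "Quarantined and deleted successfully") and the tab-separated ESET detection line (path, verdict, hash, flag) seen above; the sample lines are copied from the two logs in this reply, with the paths anonymised as in the post.

```python
"""Triage helper: which detections in a Malwarebytes 1.x log and an ESET Online
Scanner log were NOT cleaned?  Added example, not vendor code."""
import re

# Malwarebytes 1.x detection line:  <path or registry item> (<threat>) [-> <extra>] -> <action>.
MBAM_DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# MBAM action strings that mean the object is still there (assumed English wording)
MBAM_PENDING = ("Delete on reboot", "No action taken")

# ESET Online Scanner detection line: path <TAB> verdict <TAB> hash <TAB> flag
ESET_MIN_FIELDS = 4


def parse_mbam(text):
    """Return (item, threat, action) for every detection line in a Malwarebytes 1.x log."""
    found = []
    for line in text.splitlines():
        m = MBAM_DETECTION.match(line.strip())
        if m is None:
            continue
        # the action is always the last "->" segment, e.g. "Quarantined and deleted successfully."
        action = m.group("rest").split("->")[-1].strip().rstrip(".")
        found.append((m.group("item"), m.group("threat"), action))
    return found


def parse_eset(text):
    """Return (path, verdict) for every tab-separated detection line in an ESET log."""
    found = []
    for line in text.splitlines():
        fields = line.split("\t")
        if line.startswith("#") or len(fields) < ESET_MIN_FIELDS:
            continue
        found.append((fields[0].strip(), fields[1].strip()))
    return found


def unresolved(mbam_text, eset_text):
    """Detections that survived: MBAM items pending or skipped, ESET items it could not clean."""
    left = [(item, threat, action) for item, threat, action in parse_mbam(mbam_text)
            if action in MBAM_PENDING]
    left += [(path, verdict, "unable to clean") for path, verdict in parse_eset(eset_text)
             if "unable to clean" in verdict]
    return left


# Sample input: lines copied from the two logs posted above (paths anonymised as in the post).
MBAM_SAMPLE = r"""
Memory Processes Detected: 1
C:\ProgramData\kbsetup.exe (Trojan.Agent) -> 3668 -> Delete on reboot.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kbsetup (Trojan.Agent) -> Data: C:\ProgramData\kbsetup.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|isomob (Trojan.Agent) -> Data: C:\Users\XXXX\AppData\Roaming\isomob.exe -> Quarantined and deleted successfully.

Files Detected: 8
C:\Users\XXXX\Downloads\SoftonicDownloader_fuer_finale-notepad.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\Users\XXXX\AppData\Roaming\isomob.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Delete on reboot.
"""

ESET_SAMPLE = "\n".join([
    "# found=3",
    "# cleaned=0",
    "\t".join([r"C:\Users\XXXX\AppData\Local\ebb03473\U\800000c0.@",
               "a variant of Win32/Sirefef.CH trojan (unable to clean)", "0" * 32, "I"]),
    "\t".join([r"C:\Users\XXXX\Downloads\SoftonicDownloader_for_anvil-studio.exe",
               "a variant of Win32/SoftonicDownloader.A application (unable to clean)", "0" * 32, "I"]),
])

if __name__ == "__main__":
    for item, threat, status in unresolved(MBAM_SAMPLE, ESET_SAMPLE):
        print(f"{status:16} {threat:45} {item}")
```

On the logs in this reply the script lists five leftovers: the two Malwarebytes "Delete on reboot" items (`kbsetup.exe` and the `Rootkit.0Access` hit on `GAC_MSIL\Desktop.ini`), the skipped Softonic downloader, and the two ESET "unable to clean" files, among them the `Win32/Sirefef.CH` sample under `AppData\Local\ebb03473\U`. A System Restore in between, as done here, can also bring back what a reboot-deferred deletion had queued, so "Delete on reboot" entries are worth re-checking in the next scan rather than assumed gone.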

31.12.2011, 15:52   #4
cosinus

Quote:
Am I clean?
No. This is still going to be quite a bit of work. Please make a new OTL log. Please post everything in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from OldTimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box (if OTL is in German the box carries the German label)
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now click the Quick Scan button.
  • Click on .
  • Copy the contents of OTL.txt here into your thread
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
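What a helper actually looks for in the OTL.txt this scan produces, as an added example that is not part of the thread and not OldTimer's code: the script parses the PRC/MOD/SRV/DRV lines, the O4 autostart entries, the O2/O3 browser hooks and the O6 policy values and flags the ones that deserve a second look. The sample lines are copied from the OTL log in the following reply; the three categories and the "weak UAC value" list are this example's own choices, not anything OTL defines.

```python
"""Flag the lines an analyst reads first in an OTL log.  Added example, not OTL code."""
import re

# PRC/MOD/SRV/DRV lines: TYPE - [date | size | attrs | M] (Company) [state] -- path [-- (name)]
BINARY_LINE = re.compile(
    r"^(?P<type>PRC|MOD|SRV|DRV) - \[(?P<meta>[^\]]+)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)
# O6 lines list HKLM\...\policies\System values, e.g. "EnableLUA = 0"
POLICY_LINE = re.compile(r"^O6 - .*\\policies\\System: (?P<key>\w+) = (?P<value>\S+)$")
# values that switch UAC off or make elevation silent (this example's own list)
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}
# O2/O3/O4 entries whose target is gone: leftovers of something removed or moved
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def triage(otl_text):
    """Return (category, detail) findings for the interesting lines of an OTL log."""
    findings = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        m = BINARY_LINE.match(line)
        if m:
            # "()" means the file has no company name in its version info.  OTL's company-name
            # whitelist already hides known vendors, so these are the entries left to verify.
            if m.group("company") == "":
                state = m.group("state") or ""
                live = m.group("type") == "PRC" or "Running" in state
                findings.append(("no-company, running" if live else "no-company", m.group("path")))
            continue
        p = POLICY_LINE.match(line)
        if p:
            if WEAK_UAC.get(p.group("key")) == p.group("value"):
                findings.append(("uac-weakened", f"{p.group('key')} = {p.group('value')}"))
            continue
        if line.startswith(("O2 ", "O3 ", "O4 ")) and any(mk in line for mk in ORPHAN_MARKERS):
            findings.append(("orphaned-entry", line))
    return findings


# Sample input: lines copied from the OTL log posted in the next reply (anonymised as there).
OTL_SAMPLE = r"""
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2009.08.27 09:38:50 | 000,094,208 | ---- | M] () -- C:\Programme\Uniboard 4\ubrdagent.exe
SRV - [2010.10.05 15:28:12 | 001,060,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
DRV - [2011.09.25 09:11:49 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MediaGet2] C:\Users\XXXX\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
"""

if __name__ == "__main__":
    for category, detail in triage(OTL_SAMPLE):
        print(f"{category:22} {detail}")
```

A missing company name is a reason to verify, not a verdict: the boot-start `sptd.sys` flagged here is the driver that ships with DAEMON Tools, which is also present in this log (`DTLite.exe`), so the right follow-up is to check the file's hash or signature, not to delete it. The two UAC findings are a different matter: with `EnableLUA = 0` and `ConsentPromptBehaviorAdmin = 0` on an account logged in as Administrator, everything the user starts already runs with full administrator rights and no prompt, which is worth restoring once the machine is clean.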

31.12.2011, 17:45   #5
biberbruder

Hello,

shame, I celebrated too early...

Here is the logfile:

Code:
OTL logfile created on: 31.12.2011 16:48:59 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\XXXX\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 332,82 Mb Available Physical Memory | 32,85% Memory free
1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 154,33 Gb Free Space | 71,52% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,63 Gb Free Space | 65,88% Space Free | Partition Type: FAT32
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.31 16:45:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
PRC - [2011.11.18 14:32:23 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.08.02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.10.13 18:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 18:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.08.27 09:38:50 | 000,094,208 | ---- | M] () -- C:\Programme\Uniboard 4\ubrdagent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.08.27 09:38:50 | 000,094,208 | ---- | M] () -- C:\Programme\Uniboard 4\ubrdagent.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.02 07:39:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.25 10:41:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.10.05 15:28:12 | 001,060,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010.10.05 15:27:52 | 000,484,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010.10.05 15:24:38 | 000,237,056 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 13:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.10.13 18:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.31 06:54:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKsl8c89c6b4.sys -- (MpKsl8c89c6b4)
DRV - [2011.09.25 09:11:49 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.06.17 07:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.05.31 05:04:30 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2010.05.20 07:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.04.09 13:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 13:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 13:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 13:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2007.07.31 18:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\XXXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\XXXX\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\XXXX\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.30 14:37:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.18 16:18:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.21 21:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.09 06:46:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.06.16 09:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
[2011.06.16 09:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.30 14:34:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions
[2011.10.22 19:20:28 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.12.30 14:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\wo2dmo0j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.07 18:02:48 | 000,002,101 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\searchplugins\googlede.xml
[2011.07.07 16:58:20 | 000,002,057 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\searchplugins\youtube-videosuche.xml
[2011.11.10 06:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.30 14:37:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WO2DMO0J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.10 06:35:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011.11.10 06:35:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.10 06:35:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.10 06:35:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.23 15:55:32 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.10 06:35:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.10 06:35:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.10 06:35:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Uniboard virtual printer agent] C:\Program Files\Uniboard 4\ubrdagent.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\XXXX\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20598892-8B40-43DF-B754-481AD76FDDA3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{709FF3B3-B061-4D85-84CF-6A799690F29C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,001 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,048 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell - "" = AutoRun
O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Acer ePower Management - hkey= - key= - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AndroidManager - hkey= - key= - C:\Programme\Acer\Android Manager\AML.exe ()
MsConfig - StartUpReg: Epson Stylus SX525WD(Netzwerk) - hkey= - key= -  File not found
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iPatchData - hkey= - key= - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
MsConfig - StartUpReg: iSyncData - hkey= - key= - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.31 16:45:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2011.12.31 07:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.31 07:18:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.30 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\My Kindle Content
[2011.12.30 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.30 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Amazon
[2011.12.30 20:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.12.30 05:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.29 18:18:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2011.12.29 18:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.29 18:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 19:04:23 | 000,000,000 | ---D | C] -- C:\Closeall
[2011.12.14 16:47:25 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\IdaAustralien
[2011.12.14 12:22:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Rovio
[2011.12.14 12:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\AngryBirds
[2011.12.14 10:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Finale 2009 Demo
[2011.12.02 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei
[1 C:\Users\XXXX\Documents\*.tmp files -> C:\Users\XXXX\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 16:45:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2011.12.31 16:42:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
[2011.12.31 16:42:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.31 16:41:55 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
[2011.12.31 16:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.31 10:12:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
[2011.12.31 07:18:37 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.31 07:01:55 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 07:01:55 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.31 06:54:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.31 06:54:17 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.31 03:37:48 | 000,535,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.31 03:05:14 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.31 03:05:14 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.31 03:05:14 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.31 03:05:14 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.30 20:54:52 | 000,001,948 | ---- | M] () -- C:\Users\XXXX\Desktop\Kindle.lnk
[2011.12.30 20:45:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
[2011.12.30 14:44:20 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.12.29 12:55:48 | 000,023,225 | ---- | M] () -- C:\Users\XXXX\Desktop\gmer_OTL_Extras.zip
[2011.12.28 08:49:20 | 000,000,176 | ---- | M] () -- C:\Users\XXXX\defogger_reenable
[2011.12.16 18:06:33 | 052,028,492 | ---- | M] () -- C:\Users\XXXX\Desktop\Dominion_20Anleitung_F8.flv
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 14:02:28 | 002,053,763 | ---- | M] () -- C:\Users\XXXX\Desktop\TK-Broschuere-Der-Ruecken.pdf
[2011.12.06 18:00:12 | 193,135,969 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\XXXX\Documents\*.tmp files -> C:\Users\XXXX\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.31 07:18:37 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.30 20:54:52 | 000,001,948 | ---- | C] () -- C:\Users\XXXX\Desktop\Kindle.lnk
[2011.12.29 12:55:16 | 000,023,225 | ---- | C] () -- C:\Users\XXXX\Desktop\gmer_OTL_Extras.zip
[2011.12.28 08:48:36 | 000,000,176 | ---- | C] () -- C:\Users\XXXX\defogger_reenable
[2011.12.16 18:02:32 | 052,028,492 | ---- | C] () -- C:\Users\XXXX\Desktop\Dominion_20Anleitung_F8.flv
[2011.12.09 14:02:28 | 002,053,763 | ---- | C] () -- C:\Users\XXXX\Desktop\TK-Broschuere-Der-Ruecken.pdf
[2011.12.06 09:26:49 | 000,004,032 | ---- | C] () -- C:\Users\XXXX\Documents\peoleo lol.cad
[2011.11.30 15:17:01 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ubrdpm.dll
[2011.11.15 11:04:40 | 000,004,608 | ---- | C] () -- C:\Users\XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.11 15:51:50 | 000,083,968 | ---- | C] () -- C:\Windows\System32\bvcsky.dll
[2011.11.04 17:18:04 | 000,125,952 | ---- | C] () -- C:\Windows\System32\ZLhp1600.DLL
[2011.11.02 08:24:27 | 000,000,132 | ---- | C] () -- C:\Windows\KTEL.INI
[2011.10.03 09:02:12 | 000,000,120 | ---- | C] () -- C:\Windows\pear.ini
[2011.10.03 08:32:41 | 000,032,768 | ---- | C] () -- C:\Windows\php_yaz.dll
[2011.10.03 08:15:37 | 000,000,521 | ---- | C] () -- C:\Windows\my.ini
[2011.09.15 08:53:03 | 000,090,112 | ---- | C] () -- C:\Windows\System32\nccad432.dll
[2011.08.09 06:47:29 | 000,000,049 | ---- | C] () -- C:\Windows\PD.INI
[2011.06.23 15:26:53 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011.06.13 12:00:04 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.13 11:56:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.05 15:22:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.17 19:21:36 | 000,337,920 | ---- | C] () -- C:\Windows\System32\ZSHP1600.EXE
[2010.09.14 07:55:13 | 000,656,266 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.09.14 07:55:13 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.09.14 07:55:13 | 000,131,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.09.14 07:55:13 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.08.05 15:00:20 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll
[2010.08.05 14:39:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.08.05 14:30:52 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010.08.05 14:30:52 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010.08.05 14:30:52 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.08.05 14:30:52 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.08.05 14:30:52 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2010.08.05 14:30:52 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010.01.31 12:06:18 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,535,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,108 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.04.14 17:07:42 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2002.06.06 02:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll
 
========== LOP Check ==========
 
[2011.11.11 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\7art
[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Anvil Studio
[2011.11.13 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Avid
[2011.11.13 16:00:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\bvcsky
[2011.06.24 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2011.12.02 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei
[2011.09.14 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GARMIN
[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\IrfanView
[2011.11.02 08:25:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\klickTel
[2011.09.15 11:21:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\kosy
[2011.06.11 10:31:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\LibreOffice
[2011.12.15 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Liteon
[2011.11.18 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MPEG Streamclip
[2011.11.14 06:09:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Neuratron
[2011.09.02 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Roads Of Rome
[2011.12.14 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Rovio
[2011.07.07 14:40:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client
[2011.06.16 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird
[2011.07.07 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP
[2011.07.05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Vodafone
[2011.12.30 20:45:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
[2011.12.31 16:41:55 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
[2011.10.05 06:44:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.11 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\7art
[2011.06.06 05:53:13 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Adobe
[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Anvil Studio
[2011.11.13 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Avid
[2011.11.13 16:00:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\bvcsky
[2011.06.24 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2011.12.02 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DieBuecherei
[2011.09.14 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GARMIN
[2011.06.05 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Google
[2011.06.04 13:31:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Identities
[2011.07.19 07:18:38 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\InstallShield
[2011.12.30 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\IrfanView
[2011.11.02 08:25:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\klickTel
[2011.09.15 11:21:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\kosy
[2011.06.11 10:31:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\LibreOffice
[2011.12.15 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Liteon
[2011.06.04 13:32:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Macromedia
[2011.12.29 18:18:09 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2011.12.30 14:34:21 | 000,000,000 | --SD | M] -- C:\Users\XXXX\AppData\Roaming\Microsoft
[2011.11.24 05:43:50 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla
[2011.11.18 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MPEG Streamclip
[2011.11.14 06:09:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Neuratron
[2011.11.18 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Real
[2011.09.02 11:45:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Roads Of Rome
[2011.12.14 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Rovio
[2011.07.07 14:40:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client
[2011.06.16 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird
[2011.07.07 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP
[2011.12.30 14:37:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\vlc
[2011.07.05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Vodafone
[2011.06.13 10:39:16 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.11.11 15:50:39 | 000,714,963 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\7art\Aquarium Clock\unins000.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b12590c8dd605296\iaStor.sys
[2009.10.13 18:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\Temp\IIF2\Winall\Driver\IaStor.sys
[2009.10.13 18:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.10.13 18:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\Temp\IIF2\Winall\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.07.14 12:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.07.14 12:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
[2011.09.25 09:11:49 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
<           >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB8252$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0

< End of report >
         


Alt 31.12.2011, 19:40   #6
biberbruder

Problems with Sirefef.P



Here is also the content of Extras.Txt:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 31.12.2011 16:48:59 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\XXXX\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 332,82 Mb Available Physical Memory | 32,85% Memory free
1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 154,33 Gb Free Space | 71,52% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,63 Gb Free Space | 65,88% Space Free | Partition Type: FAT32
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.2
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE88264-3437-4D18-B72C-4F5286383F9C}_is1" = Die Bücherei
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{467D4F46-B75D-4E9F-B710-D933D687B9BD}" = PDF Creator Pilot 4.3 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5080900B-7E07-4926-ACD2-CB083E3B66E2}" = WD SmartWare
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF22CB1-50BE-4D96-BD63-549928AC03B6}" = Anvil Studio 2011
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" = 
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.de-de_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{C2D47964-0E8D-4803-9F4A-BF5DC3D5A069}" = BASIC Stamp Editor v2.5.2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D617DF82-6046-44EB-AD4A-D3423319E12C}" = Geosense for Windows
"{DE322C0B-CF1F-483E-935C-996E2D24FF23}" = klickTel Routenplaner Deutschland und Europa 2011
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E63D17F8-D9DA-479D-B9B5-0D101A03703B}_is1" = Uniboard 4
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBE64702-E893-4D55-BA5C-514AAF11CCC4}" = Sibelius 7 OpenType Fonts
"1489-3350-5074-6281" = JDownloader 0.9
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"498B9978CE49397903524B0761200F43EC650044" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)
"4DdeinstKey" = 4Design
"67170FB0228B69BCCBEF8CE14A76953A5505D8EA" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)
"7art Aquarium Clock Screensaver_is1" = 7art Aquarium Clock © 7art-screensavers.com
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Kindle" = Amazon Kindle
"AsUninst.exe" = Anvil Studio
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"EPSON SX525WD Series" = EPSON SX525WD Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"F8DC9DFED0912C7E47EB1446EF7E3C53D3A0942D" = Windows-Treiberpaket - Parallax Inc CDM Driver Package - Bus & VCP Driver (07/12/2010 2.08.02)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"IrfanView" = IrfanView (remove only)
"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 2.0.0.11)
"Lateinische Ausgangsschrift LA_is1" = Pelikan Schulschriften
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Navit" = Navit
"nccad7.5" = nccad7.5
"nccad8.0" = nccad8.0
"Neuratron PhotoScore Lite Demo" = Neuratron PhotoScore Lite Demo
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 15.0" = RealPlayer
"Sibelius 7.0.0.23_is1" = Sibelius 7.0.0.23
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2011 03:45:06 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2011 04:05:42 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.12.2011 04:06:14 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 29.12.2011 06:03:53 | Computer Name = XXXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 1.0.15.15641, 
Zeitstempel: 0x4e21f2b1  Name des fehlerhaften Moduls: gmer.exe, Version: 1.0.15.15641,
 Zeitstempel: 0x4e21f2b1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c676  ID des fehlerhaften
 Prozesses: 0xf4c  Startzeit der fehlerhaften Anwendung: 0x01ccc610d190f626  Pfad der
 fehlerhaften Anwendung: C:\Users\XXXX\Desktop\gmer.exe  Pfad des fehlerhaften Moduls:
 C:\Users\XXXX\Desktop\gmer.exe  Berichtskennung: 691711fe-3204-11e1-b829-88ae1d9d1ed7
 
Error - 29.12.2011 11:24:55 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2011 18:45:08 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description = 
 
Error - 29.12.2011 19:42:04 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.12.2011 19:43:24 | Computer Name = XXXX-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 29.12.2011 21:45:07 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description = 
 
Error - 30.12.2011 00:45:06 | Computer Name = XXXX-PC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 26.09.2011 23:35:12 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 27.09.2011 00:54:47 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 27.09.2011 01:47:24 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 28.09.2011 01:23:54 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 28.09.2011 01:54:24 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 28.09.2011 05:55:35 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 28.09.2011 05:58:53 | Computer Name = XXXX-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.09.2011 06:10:52 | Computer Name = XXXX-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.09.2011 08:11:55 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 29.09.2011 02:00:50 | Computer Name = XXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
 
< End of report >
         
--- --- ---

Alt 02.01.2012, 11:16   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you obscured your user name, you must change the asterisked-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b50611p015l0454ww35w4752u491
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig"
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [Facebook Update] C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\XXXX\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,001 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.08.09 06:48:07 | 000,000,048 | ---- | M] () - C:\AUTOEXEC.NT -- [ NTFS ]
O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell - "" = AutoRun
O33 - MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
:Files
C:\Windows\$NtUninstallKB8252$
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, for safety's sake; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
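A helper reading a fix script like the one above wants to know what it will touch before it runs. The following is an added example in Python, not OTL's own code and not part of cosinus's post: it splits an OTL fix script into its :OTL, :Files and :Commands sections and sorts the :OTL lines into review buckets. The sample input is a constructed subset of the script posted above, and the bucket names are my own.

```python
"""Triage helper for OTL fix-script lines.

Added example, not OldTimer's OTL code. It splits a fix script into its
':OTL', ':Files' and ':Commands' sections and sorts the :OTL lines into
review buckets (orphaned references, autorun commands, alternate data
streams, browser settings, extensions, Run keys) so a helper can see at a
glance what a script will touch before running it.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the fix script posted above,
# arranged in the section layout OTL expects.
SAMPLE_SCRIPT = r"""
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\XXXX\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\Shell\AutoRun\command - "" = F:\Setup.exe
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
:Files
C:\Windows\$NtUninstallKB8252$
:Commands
[emptytemp]
[resethosts]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
# OTL prints these when a registry entry points at something that no longer exists
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def split_sections(script):
    """Return {section: [lines]} for a script whose sections start with ':Name'."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def classify(line):
    """Map one :OTL line to (bucket, detail)."""
    m = ADS_RE.match(line)
    if m:
        return "ads", {"bytes": int(m.group(1)), "path": m.group(2)}
    prefix, _, rest = line.partition(" - ")
    if prefix == "O33" and r"\Shell\AutoRun\command" in rest:
        # the command recorded for a removable volume under MountPoints2
        return "autorun_command", {"command": rest.split(" = ", 1)[1]}
    if prefix == "O32":
        return "autorun_policy", {"entry": rest}
    if any(marker in rest for marker in ORPHAN_MARKERS):
        return "orphan", {"entry": rest}
    if prefix in ("IE", "FF"):
        return "browser_setting", {"entry": rest}
    if prefix in ("O2", "O3"):
        return "browser_extension", {"entry": rest}
    if prefix == "O4":
        return "run_key", {"entry": rest}
    return "other", {"entry": rest}


def triage(script):
    """Summarise what a fix script will touch, bucket by bucket."""
    sections = split_sections(script)
    buckets = defaultdict(list)
    for line in sections.get("OTL", []):
        bucket, detail = classify(line)
        buckets[bucket].append(detail)
    return {
        "categories": dict(buckets),
        "files": sections.get("Files", []),
        "commands": [c.strip("[]").lower() for c in sections.get("Commands", [])],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_SCRIPT)
    for bucket, entries in summary["categories"].items():
        print(f"{bucket}: {len(entries)}")
    print("files:", summary["files"])
    print("commands:", summary["commands"])
```

The orphan bucket (entries ending in "File not found" or "No CLSID value found") collects leftovers of components that were removed without being unregistered; the autorun_command bucket shows which executables the MountPoints2 entries would have launched from a removable drive, which is worth a look on its own even when the drive is no longer present.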

Alt 02.01.2012, 14:22   #8
biberbruder
 
Hi cosinus,

thanks for the help, but in the rush I forgot to disable the virus scanner (MSE). Here is the result anyway. Should I run the fix again (with MSE switched off)?

regards

biberbruder

Code:
 All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Google.de" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/ig" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
C:\Programme\Microsoft Office\Office14\URLREDIR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}\ deleted successfully.
C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\XXXX\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet2 deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.001 moved successfully.
C:\autoexec.bat moved successfully.
C:\AUTOEXEC.NT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cfbd12c-e343-11e0-9fe2-0026c77973a6}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74697c76-b871-11e0-af41-88ae1d9d1ed7}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40ab779-a70d-11e0-ad8f-88ae1d9d1ed7}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully.
ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\UserData folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\Temp folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect\Log folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone\Vodafone Mobile Connect folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Vodafone folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\SoftGrid Client folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\YIPYZ0KY folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\OZMCBW3A folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\7H7MSCRC folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\3Q55BA5O folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\6MSMKXHG folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\Silverlight folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\SoftGrid Client\140066.DEU-90140011-66-407 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\SoftGrid Client folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows Media\12.0 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows Media folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKUHEUZR folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6BCNWQH folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWDTSR0W folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2ML6UEJ folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9QD7GRI folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7B00WVC folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KBEX0IQM folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U81SSK8 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15CPIK7N folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122920111230 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122820111229 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090420110905 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090320110904 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011090220110903 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082920110830 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082220110829 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082120110822 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081920110820 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081220110813 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081120110812 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011080920110810 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\MX1TTIXW folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\FXBCEF5O folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\EMWFX159 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\AX8MGCB5 folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Internet Explorer folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update\Manifest\Initial folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update\Manifest folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Update folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\Custom Buttons folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Google folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$ scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: XXXX
->Temp folder emptied: 511140193 bytes
->Temporary Internet Files folder emptied: 63882024 bytes
->Java cache emptied: 169274 bytes
->FireFox cache emptied: 129031009 bytes
->Flash cache emptied: 16913 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 728609514 bytes
RecycleBin emptied: 198255 bytes
 
Total Files Cleaned = 1.367,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_140115

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB8252$ scheduled to be moved on reboot.
File\Folder C:\Users\XXXX\AppData\Local\Temp\OICE_9A42B645-2FD4-4A38-9FBB-D9BD604C9A89.0\DEFE982C. not found!

Registry entries deleted on Reboot...
         

Alt 02.01.2012, 14:34   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.
If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should become visible again. (It may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
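A TDSSKiller report lists every driver as a "name (md5) path" line followed by a "name - status" line, and a full scan runs to hundreds of entries. The following is an added example in Python, not Kaspersky's code and not part of cosinus's post, that reads that format, pulls out the entries whose status is anything other than "ok", and compares the hashes against a baseline. The sample log is constructed from the report format posted in this thread plus one hypothetical driver with a made-up hash and status; the baseline dictionary is likewise constructed.

```python
"""Reader for TDSSKiller report lines.

Added example, not Kaspersky's code. TDSSKiller lists every driver/service
as 'name (md5) path' followed by a 'name - status' line; with hundreds of
entries the interesting ones are those whose status is not 'ok' and those
whose hash differs from a baseline taken from a machine believed clean.
"""
import re

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>\S+) - (?P<status>.+)$")
META_KEYS = ("OS Version", "Product type", "Processor architecture", "Boot type", "Mode")

# Constructed sample: header and driver lines in the format TDSSKiller writes
# (modelled on the report posted in this thread), plus one hypothetical driver
# with a made-up hash and a non-'ok' status so the review path is exercised.
SAMPLE_LOG = "\n".join([
    "14:41:39.0777 2404\tTDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16",
    "14:41:40.0104 2404\tOS Version: 6.1.7601 ServicePack: 1.0",
    "14:41:40.0104 2404\tProduct type: Workstation",
    "14:43:29.0729 5904\tMode: Manual; SigCheck; TDLFS; ",
    "14:43:31.0162 5904\t1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\\Windows\\system32\\drivers\\1394ohci.sys",
    "14:43:31.0665 5904\t1394ohci - ok",
    "14:43:31.0781 5904\tACPI            (cea80c80bed809aa0da6febc04733349) C:\\Windows\\system32\\drivers\\ACPI.sys",
    "14:43:31.0865 5904\tACPI - ok",
    "14:43:34.0001 5904\texampledrv      (00000000000000000000000000000000) C:\\Windows\\system32\\drivers\\exampledrv.sys",
    "14:43:34.0100 5904\texampledrv - needs review (constructed status, hypothetical driver)",
])

# Constructed baseline: hashes recorded from a machine believed clean (here
# the two genuine drivers above), keyed by driver name.
BASELINE = {
    "1394ohci": "1b133875b8aa8ac48969bd3458afe9f5",
    "ACPI": "cea80c80bed809aa0da6febc04733349",
}


def parse_tdsskiller(text):
    """Return (drivers, meta): drivers maps name -> {md5, path, status}."""
    drivers, meta = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        d = DRIVER_RE.match(msg)
        if d:
            drivers[d.group("name")] = {"md5": d.group("md5"), "path": d.group("path"), "status": None}
            continue
        s = STATUS_RE.match(msg)
        # only accept a status line for a driver already listed, so header
        # text containing ' - ' is not mistaken for a status
        if s and s.group("name") in drivers:
            drivers[s.group("name")]["status"] = s.group("status")
            continue
        key, sep, val = msg.partition(":")
        if sep and key in META_KEYS:
            meta[key] = val.strip()
    return drivers, meta


def needs_review(drivers):
    """Driver names whose status line is missing or anything other than 'ok'."""
    return sorted(n for n, d in drivers.items() if d["status"] != "ok")


def differs_from_baseline(drivers, baseline):
    """Driver names whose MD5 is absent from, or different to, the baseline."""
    return sorted(n for n, d in drivers.items() if baseline.get(n) != d["md5"])


if __name__ == "__main__":
    found, info = parse_tdsskiller(SAMPLE_LOG)
    print("scan:", info)
    print("not ok:", needs_review(found))
    print("hash mismatch:", differs_from_baseline(found, BASELINE))
```

Pairing a status line only with a driver that was already listed keeps the header lines (tool version, "Mode: Manual; SigCheck; TDLFS;") from being misread, and the baseline comparison is what turns the SigCheck hash list into something actionable: a driver whose hash is missing from the baseline is either newly installed or replaced, and either way deserves a look alongside the entries TDSSKiller itself did not mark "ok".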

Alt 02.01.2012, 14:48   #10
biberbruder
 
Hi cosinus,

this is the report:

Code:
 
14:41:39.0777 2404	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:41:40.0103 2404	============================================================
14:41:40.0103 2404	Current date / time: 2012/01/02 14:41:40.0103
14:41:40.0103 2404	SystemInfo:
14:41:40.0103 2404	
14:41:40.0104 2404	OS Version: 6.1.7601 ServicePack: 1.0
14:41:40.0104 2404	Product type: Workstation
14:41:40.0104 2404	ComputerName: JAAG-PC
14:41:40.0104 2404	UserName: Jaag
14:41:40.0104 2404	Windows directory: C:\Windows
14:41:40.0104 2404	System windows directory: C:\Windows
14:41:40.0105 2404	Processor architecture: Intel x86
14:41:40.0105 2404	Number of processors: 4
14:41:40.0105 2404	Page size: 0x1000
14:41:40.0105 2404	Boot type: Normal boot
14:41:40.0105 2404	============================================================
14:41:43.0131 2404	Initialize success
14:43:29.0729 5904	============================================================
14:43:29.0729 5904	Scan started
14:43:29.0729 5904	Mode: Manual; SigCheck; TDLFS; 
14:43:29.0729 5904	============================================================
14:43:31.0162 5904	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:43:31.0665 5904	1394ohci - ok
14:43:31.0781 5904	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:43:31.0865 5904	ACPI - ok
14:43:31.0933 5904	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:43:32.0116 5904	AcpiPmi - ok
14:43:32.0242 5904	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
14:43:32.0366 5904	adp94xx - ok
14:43:32.0478 5904	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
14:43:32.0607 5904	adpahci - ok
14:43:32.0717 5904	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
14:43:32.0851 5904	adpu320 - ok
14:43:33.0003 5904	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:43:33.0234 5904	AFD - ok
14:43:33.0348 5904	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:43:33.0417 5904	agp440 - ok
14:43:33.0487 5904	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
14:43:33.0600 5904	aic78xx - ok
14:43:33.0768 5904	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:43:33.0828 5904	aliide - ok
14:43:33.0862 5904	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:43:33.0943 5904	amdagp - ok
14:43:34.0047 5904	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:43:34.0155 5904	amdide - ok
14:43:34.0293 5904	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
14:43:34.0504 5904	AmdK8 - ok
14:43:34.0623 5904	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
14:43:34.0729 5904	AmdPPM - ok
14:43:34.0795 5904	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:43:34.0882 5904	amdsata - ok
14:43:35.0005 5904	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
14:43:35.0103 5904	amdsbs - ok
14:43:35.0143 5904	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:43:35.0201 5904	amdxata - ok
14:43:35.0258 5904	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:43:35.0489 5904	AppID - ok
14:43:35.0657 5904	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
14:43:35.0720 5904	arc - ok
14:43:35.0738 5904	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
14:43:35.0829 5904	arcsas - ok
14:43:35.0939 5904	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:43:36.0175 5904	AsyncMac - ok
14:43:36.0300 5904	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:43:36.0406 5904	atapi - ok
14:43:36.0557 5904	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
14:43:36.0783 5904	b06bdrv - ok
14:43:36.0903 5904	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:43:37.0012 5904	b57nd60x - ok
14:43:37.0161 5904	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:43:37.0326 5904	Beep - ok
14:43:37.0461 5904	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys
14:43:37.0582 5904	blbdrive - ok
14:43:37.0693 5904	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:43:37.0876 5904	bowser - ok
14:43:37.0971 5904	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
14:43:38.0167 5904	BrFiltLo - ok
14:43:38.0271 5904	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
14:43:38.0404 5904	BrFiltUp - ok
14:43:38.0533 5904	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:43:38.0712 5904	Brserid - ok
14:43:38.0814 5904	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:43:38.0951 5904	BrSerWdm - ok
14:43:39.0061 5904	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:43:39.0185 5904	BrUsbMdm - ok
14:43:39.0281 5904	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:43:39.0367 5904	BrUsbSer - ok
14:43:39.0487 5904	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
14:43:39.0665 5904	BthEnum - ok
14:43:39.0767 5904	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:43:39.0873 5904	BTHMODEM - ok
14:43:39.0976 5904	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
14:43:40.0082 5904	BthPan - ok
14:43:40.0202 5904	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
14:43:40.0332 5904	BTHPORT - ok
14:43:40.0437 5904	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
14:43:40.0533 5904	BTHUSB - ok
14:43:40.0599 5904	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:43:40.0782 5904	cdfs - ok
14:43:40.0923 5904	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
14:43:41.0033 5904	cdrom - ok
14:43:41.0171 5904	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
14:43:41.0288 5904	circlass - ok
14:43:41.0389 5904	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:43:41.0533 5904	CLFS - ok
14:43:41.0675 5904	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
14:43:41.0788 5904	CmBatt - ok
14:43:41.0894 5904	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:43:41.0965 5904	cmdide - ok
14:43:42.0026 5904	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
14:43:42.0179 5904	CNG - ok
14:43:42.0367 5904	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
14:43:42.0423 5904	Compbatt - ok
14:43:42.0535 5904	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:43:42.0633 5904	CompositeBus - ok
14:43:42.0747 5904	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
14:43:42.0803 5904	crcdisk - ok
14:43:42.0943 5904	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
14:43:43.0142 5904	CSC - ok
14:43:43.0299 5904	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
14:43:43.0426 5904	DfsC - ok
14:43:43.0538 5904	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:43:43.0672 5904	discache - ok
14:43:43.0795 5904	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
14:43:43.0879 5904	Disk - ok
14:43:44.0042 5904	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:43:44.0133 5904	drmkaud - ok
14:43:44.0294 5904	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:43:44.0444 5904	DXGKrnl - ok
14:43:44.0641 5904	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
14:43:44.0961 5904	ebdrv - ok
14:43:45.0106 5904	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
14:43:45.0224 5904	elxstor - ok
14:43:45.0357 5904	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:43:45.0446 5904	ErrDev - ok
14:43:45.0598 5904	EUCR            (4fab8dfaf156e048ad514eabd268ab3a) C:\Windows\system32\DRIVERS\EUCR6SK.SYS
14:43:45.0746 5904	EUCR - ok
14:43:45.0865 5904	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:43:46.0008 5904	exfat - ok
14:43:46.0040 5904	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:43:46.0177 5904	fastfat - ok
14:43:46.0299 5904	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
14:43:46.0409 5904	fdc - ok
14:43:46.0501 5904	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:43:46.0614 5904	FileInfo - ok
14:43:46.0726 5904	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:43:46.0863 5904	Filetrace - ok
14:43:46.0997 5904	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
14:43:47.0078 5904	flpydisk - ok
14:43:47.0180 5904	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:43:47.0318 5904	FltMgr - ok
14:43:47.0445 5904	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:43:47.0527 5904	FsDepends - ok
14:43:47.0568 5904	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:43:47.0634 5904	Fs_Rec - ok
14:43:47.0751 5904	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:43:47.0862 5904	fvevol - ok
14:43:47.0904 5904	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
14:43:47.0982 5904	gagp30kx - ok
14:43:48.0112 5904	grmnusb         (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
14:43:48.0268 5904	grmnusb - ok
14:43:48.0407 5904	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:43:48.0562 5904	hcw85cir - ok
14:43:48.0687 5904	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:43:48.0816 5904	HdAudAddService - ok
14:43:48.0938 5904	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
14:43:49.0033 5904	HDAudBus - ok
14:43:49.0074 5904	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
14:43:49.0181 5904	HidBatt - ok
14:43:49.0286 5904	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
14:43:49.0404 5904	HidBth - ok
14:43:49.0518 5904	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
14:43:49.0614 5904	HidIr - ok
14:43:49.0740 5904	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:43:49.0813 5904	HidUsb - ok
14:43:49.0860 5904	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:43:49.0965 5904	HpSAMD - ok
14:43:50.0077 5904	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:43:50.0269 5904	HTTP - ok
14:43:50.0319 5904	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:43:50.0372 5904	hwpolicy - ok
14:43:50.0509 5904	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
14:43:50.0613 5904	i8042prt - ok
14:43:50.0746 5904	iaStor          (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\drivers\iaStor.sys
14:43:50.0915 5904	iaStor - ok
14:43:51.0034 5904	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:43:51.0149 5904	iaStorV - ok
14:43:51.0360 5904	igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:43:51.0760 5904	igfx - ok
14:43:51.0869 5904	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
14:43:51.0930 5904	iirsp - ok
14:43:52.0086 5904	IntcAzAudAddService (2a1acec9da72b39188f007437da3b008) C:\Windows\system32\drivers\RTKVHDA.sys
14:43:52.0350 5904	IntcAzAudAddService - ok
14:43:52.0441 5904	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:43:52.0531 5904	intelide - ok
14:43:52.0794 5904	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:43:52.0897 5904	intelppm - ok
14:43:53.0014 5904	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:43:53.0145 5904	IpFilterDriver - ok
14:43:53.0276 5904	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:43:53.0392 5904	IPMIDRV - ok
14:43:53.0510 5904	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:43:53.0659 5904	IPNAT - ok
14:43:53.0793 5904	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:43:53.0940 5904	IRENUM - ok
14:43:54.0055 5904	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:43:54.0119 5904	isapnp - ok
14:43:54.0155 5904	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:43:54.0252 5904	iScsiPrt - ok
14:43:54.0381 5904	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:43:54.0453 5904	kbdclass - ok
14:43:54.0503 5904	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
14:43:54.0643 5904	kbdhid - ok
14:43:54.0754 5904	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
14:43:54.0848 5904	KSecDD - ok
14:43:54.0892 5904	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
14:43:54.0966 5904	KSecPkg - ok
14:43:55.0070 5904	L1C             (12de252a44c344a7a044b3c1190df63b) C:\Windows\system32\DRIVERS\L1C62x86.sys
14:43:55.0125 5904	L1C - ok
14:43:55.0251 5904	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:43:55.0380 5904	lltdio - ok
14:43:55.0455 5904	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
14:43:55.0544 5904	LSI_FC - ok
14:43:55.0665 5904	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
14:43:55.0728 5904	LSI_SAS - ok
14:43:55.0754 5904	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
14:43:55.0816 5904	LSI_SAS2 - ok
14:43:55.0845 5904	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
14:43:55.0908 5904	LSI_SCSI - ok
14:43:55.0948 5904	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:43:56.0128 5904	luafv - ok
14:43:56.0240 5904	massfilter      (f0435fe3c1ec2659d2bbf073ca0752ee) C:\Windows\system32\DRIVERS\massfilter.sys
14:43:56.0347 5904	massfilter - ok
14:43:56.0469 5904	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:43:56.0566 5904	MBAMProtector - ok
14:43:56.0716 5904	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
14:43:56.0791 5904	megasas - ok
14:43:56.0862 5904	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
14:43:56.0937 5904	MegaSR - ok
14:43:57.0053 5904	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:43:57.0188 5904	Modem - ok
14:43:57.0314 5904	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:43:57.0404 5904	monitor - ok
14:43:57.0448 5904	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:43:57.0519 5904	mouclass - ok
14:43:57.0625 5904	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:43:57.0699 5904	mouhid - ok
14:43:57.0742 5904	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:43:57.0827 5904	mountmgr - ok
14:43:57.0933 5904	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
14:43:58.0040 5904	MpFilter - ok
14:43:58.0074 5904	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:43:58.0185 5904	mpio - ok
14:43:58.0290 5904	MpKsl03a4c6da - ok
14:43:58.0337 5904	MpKsl0415a17a - ok
14:43:58.0489 5904	MpKsl0ce4fbda - ok
14:43:58.0585 5904	MpKsl0fec7b90 - ok
14:43:58.0650 5904	MpKsl196bd21b - ok
14:43:58.0760 5904	MpKsl2607df49 - ok
14:43:58.0870 5904	MpKsl264939d0 - ok
14:43:58.0995 5904	MpKsl29daf26c - ok
14:43:59.0105 5904	MpKsl2ff64951 - ok
14:43:59.0215 5904	MpKsl3157fefe - ok
14:43:59.0314 5904	MpKsl32784dd6 - ok
14:43:59.0371 5904	MpKsl39de850c - ok
14:43:59.0415 5904	MpKsl3b15d3df - ok
14:43:59.0534 5904	MpKsl3b20d1df - ok
14:43:59.0758 5904	MpKsl3d91ac19   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsl3d91ac19.sys
14:43:59.0877 5904	MpKsl3d91ac19 - ok
14:43:59.0949 5904	MpKsl42ad931c - ok
14:44:00.0015 5904	MpKsl4b58eb93 - ok
14:44:00.0064 5904	MpKsl530ba384 - ok
14:44:00.0124 5904	MpKsl56cbc87c - ok
14:44:00.0183 5904	MpKsl591c3512 - ok
14:44:00.0278 5904	MpKsl5dd51386 - ok
14:44:00.0333 5904	MpKsl60a39861 - ok
14:44:00.0377 5904	MpKsl66ddca17 - ok
14:44:00.0406 5904	MpKsl73a19290 - ok
14:44:00.0454 5904	MpKsl8250f1ca - ok
14:44:00.0496 5904	MpKsl87dd9996 - ok
14:44:00.0524 5904	MpKsl8c8877d0 - ok
14:44:00.0556 5904	MpKsl9adc85e3 - ok
14:44:00.0654 5904	MpKsla2d8ff97   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsla2d8ff97.sys
14:44:00.0724 5904	MpKsla2d8ff97 - ok
14:44:00.0747 5904	MpKslabc6275f - ok
14:44:00.0779 5904	MpKslacd9d4c8 - ok
14:44:00.0839 5904	MpKslad072f99 - ok
14:44:00.0861 5904	MpKslafa01a84 - ok
14:44:00.0887 5904	MpKslbed8239e - ok
14:44:00.0914 5904	MpKslcf848c6c - ok
14:44:00.0931 5904	MpKsld47cdf20 - ok
14:44:00.0954 5904	MpKsld6316ddf - ok
14:44:01.0006 5904	MpKsld7678723 - ok
14:44:01.0029 5904	MpKslf78ff9e9 - ok
14:44:01.0051 5904	MpKslf96a787e - ok
14:44:01.0144 5904	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:44:01.0238 5904	MpNWMon - ok
14:44:01.0284 5904	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:44:01.0419 5904	mpsdrv - ok
14:44:01.0614 5904	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:44:01.0749 5904	MRxDAV - ok
14:44:01.0844 5904	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:01.0981 5904	mrxsmb - ok
14:44:02.0086 5904	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:02.0193 5904	mrxsmb10 - ok
14:44:02.0315 5904	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:02.0418 5904	mrxsmb20 - ok
14:44:02.0528 5904	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:44:02.0600 5904	msahci - ok
14:44:02.0701 5904	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:44:02.0796 5904	msdsm - ok
14:44:02.0918 5904	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:44:03.0022 5904	Msfs - ok
14:44:03.0077 5904	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:44:03.0175 5904	mshidkmdf - ok
14:44:03.0236 5904	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:44:03.0291 5904	msisadrv - ok
14:44:03.0421 5904	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:44:03.0553 5904	MSKSSRV - ok
14:44:03.0705 5904	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:03.0832 5904	MSPCLOCK - ok
14:44:03.0949 5904	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:44:04.0073 5904	MSPQM - ok
14:44:04.0169 5904	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:44:04.0236 5904	MsRPC - ok
14:44:04.0303 5904	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
14:44:04.0393 5904	mssmbios - ok
14:44:04.0540 5904	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:44:04.0658 5904	MSTEE - ok
14:44:04.0746 5904	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
14:44:04.0824 5904	MTConfig - ok
14:44:04.0884 5904	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:44:04.0952 5904	Mup - ok
14:44:05.0052 5904	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:44:05.0188 5904	NativeWifiP - ok
14:44:05.0300 5904	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:44:05.0458 5904	NDIS - ok
14:44:05.0626 5904	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:44:05.0757 5904	NdisCap - ok
14:44:05.0862 5904	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:05.0996 5904	NdisTapi - ok
14:44:06.0109 5904	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:06.0244 5904	Ndisuio - ok
14:44:06.0294 5904	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:06.0447 5904	NdisWan - ok
14:44:06.0560 5904	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:44:06.0695 5904	NDProxy - ok
14:44:06.0816 5904	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:44:06.0952 5904	NetBIOS - ok
14:44:06.0990 5904	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:44:07.0190 5904	NetBT - ok
14:44:07.0536 5904	NETw5s32        (a520aed8926ad6185031b9b18f55397e) C:\Windows\system32\DRIVERS\NETw5s32.sys
14:44:07.0992 5904	NETw5s32 - ok
14:44:08.0115 5904	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
14:44:08.0183 5904	nfrd960 - ok
14:44:08.0250 5904	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:44:08.0346 5904	NisDrv - ok
14:44:08.0455 5904	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:44:08.0581 5904	Npfs - ok
14:44:08.0641 5904	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:44:08.0747 5904	nsiproxy - ok
14:44:08.0819 5904	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:44:09.0190 5904	Ntfs - ok
14:44:09.0291 5904	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:44:09.0406 5904	Null - ok
14:44:09.0502 5904	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:44:09.0571 5904	nvraid - ok
14:44:09.0628 5904	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:44:09.0698 5904	nvstor - ok
14:44:09.0824 5904	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:44:09.0900 5904	nv_agp - ok
14:44:10.0013 5904	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:44:10.0130 5904	ohci1394 - ok
14:44:10.0312 5904	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
14:44:10.0401 5904	Parport - ok
14:44:10.0455 5904	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:44:10.0522 5904	partmgr - ok
14:44:10.0591 5904	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
14:44:10.0671 5904	Parvdm - ok
14:44:10.0750 5904	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:44:10.0824 5904	pci - ok
14:44:10.0876 5904	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:44:10.0929 5904	pciide - ok
14:44:10.0970 5904	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
14:44:11.0048 5904	pcmcia - ok
14:44:11.0077 5904	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:44:11.0137 5904	pcw - ok
14:44:11.0188 5904	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:44:11.0374 5904	PEAUTH - ok
14:44:11.0574 5904	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:44:11.0707 5904	PptpMiniport - ok
14:44:11.0744 5904	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
14:44:11.0831 5904	Processor - ok
14:44:11.0966 5904	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:44:12.0102 5904	Psched - ok
14:44:12.0258 5904	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
14:44:12.0419 5904	ql2300 - ok
14:44:12.0464 5904	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
14:44:12.0549 5904	ql40xx - ok
14:44:12.0605 5904	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:44:12.0680 5904	QWAVEdrv - ok
14:44:12.0743 5904	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:44:12.0890 5904	RasAcd - ok
14:44:12.0954 5904	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:44:13.0105 5904	RasAgileVpn - ok
14:44:13.0215 5904	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:13.0344 5904	Rasl2tp - ok
14:44:13.0478 5904	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:13.0595 5904	RasPppoe - ok
14:44:13.0628 5904	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:44:13.0762 5904	RasSstp - ok
14:44:13.0877 5904	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:44:14.0051 5904	rdbss - ok
14:44:14.0166 5904	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:44:14.0258 5904	rdpbus - ok
14:44:14.0374 5904	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:14.0494 5904	RDPCDD - ok
14:44:14.0616 5904	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
14:44:14.0799 5904	RDPDR - ok
14:44:14.0923 5904	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:44:15.0041 5904	RDPENCDD - ok
14:44:15.0084 5904	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:44:15.0195 5904	RDPREFMP - ok
14:44:15.0359 5904	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
14:44:15.0540 5904	RdpVideoMiniport - ok
14:44:15.0643 5904	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:44:15.0757 5904	RDPWD - ok
14:44:15.0812 5904	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:44:15.0900 5904	rdyboost - ok
14:44:16.0015 5904	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
14:44:16.0120 5904	RFCOMM - ok
14:44:16.0273 5904	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:44:16.0399 5904	rspndr - ok
14:44:16.0542 5904	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:44:16.0610 5904	sbp2port - ok
14:44:16.0665 5904	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:44:16.0786 5904	scfilter - ok
14:44:16.0931 5904	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:44:17.0083 5904	secdrv - ok
14:44:17.0235 5904	Ser2pl          (b97e1d0e59a128394f24e9f31e227ef2) C:\Windows\system32\DRIVERS\ser2pl.sys
14:44:17.0325 5904	Ser2pl - ok
14:44:17.0431 5904	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:44:17.0515 5904	Serenum - ok
14:44:17.0561 5904	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
14:44:17.0744 5904	Serial - ok
14:44:17.0851 5904	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
14:44:17.0952 5904	sermouse - ok
14:44:18.0097 5904	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:44:18.0221 5904	sffdisk - ok
14:44:18.0325 5904	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:44:18.0431 5904	sffp_mmc - ok
14:44:18.0543 5904	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:44:18.0637 5904	sffp_sd - ok
14:44:18.0746 5904	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
14:44:18.0846 5904	sfloppy - ok
14:44:18.0992 5904	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:44:19.0084 5904	sisagp - ok
14:44:19.0181 5904	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
14:44:19.0238 5904	SiSRaid2 - ok
14:44:19.0262 5904	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
14:44:19.0329 5904	SiSRaid4 - ok
14:44:19.0363 5904	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:44:19.0484 5904	Smb - ok
14:44:19.0541 5904	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:44:19.0618 5904	spldr - ok
14:44:19.0784 5904	sptd            (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys
14:44:19.0785 5904	Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
14:44:19.0788 5904	sptd ( LockedFile.Multi.Generic ) - warning
14:44:19.0788 5904	sptd - detected LockedFile.Multi.Generic (1)
14:44:19.0841 5904	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:44:20.0002 5904	srv - ok
14:44:20.0120 5904	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:44:20.0203 5904	srv2 - ok
14:44:20.0236 5904	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:44:20.0340 5904	srvnet - ok
14:44:20.0455 5904	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
14:44:20.0511 5904	stexstor - ok
14:44:20.0558 5904	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:44:20.0619 5904	swenum - ok
14:44:20.0661 5904	Synth3dVsc - ok
14:44:20.0721 5904	SynTP           (5cdd124913e91c7f79b4d5cae1c7c4de) C:\Windows\system32\DRIVERS\SynTP.sys
14:44:20.0792 5904	SynTP - ok
14:44:20.0978 5904	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:44:21.0154 5904	Tcpip - ok
14:44:21.0318 5904	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:21.0469 5904	TCPIP6 - ok
14:44:21.0579 5904	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:21.0696 5904	tcpipreg - ok
14:44:21.0757 5904	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:44:21.0876 5904	TDPIPE - ok
14:44:21.0967 5904	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:44:22.0081 5904	TDTCP - ok
14:44:22.0168 5904	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:44:22.0283 5904	tdx - ok
14:44:22.0320 5904	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:44:22.0403 5904	TermDD - ok
14:44:22.0576 5904	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:22.0687 5904	tssecsrv - ok
14:44:22.0815 5904	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:44:23.0018 5904	TsUsbFlt - ok
14:44:23.0108 5904	tsusbhub - ok
14:44:23.0179 5904	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:23.0306 5904	tunnel - ok
14:44:23.0425 5904	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
14:44:23.0495 5904	uagp35 - ok
14:44:23.0539 5904	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:44:23.0675 5904	udfs - ok
14:44:23.0853 5904	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:44:23.0925 5904	uliagpkx - ok
14:44:24.0027 5904	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:44:24.0123 5904	umbus - ok
14:44:24.0241 5904	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:44:24.0317 5904	UmPass - ok
14:44:24.0398 5904	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:24.0525 5904	usbccgp - ok
14:44:24.0637 5904	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:44:24.0733 5904	usbcir - ok
14:44:24.0784 5904	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
14:44:24.0869 5904	usbehci - ok
14:44:24.0980 5904	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:25.0102 5904	usbhub - ok
14:44:25.0214 5904	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
14:44:25.0298 5904	usbohci - ok
14:44:25.0414 5904	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:25.0566 5904	usbprint - ok
14:44:25.0686 5904	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
14:44:25.0780 5904	usbscan - ok
14:44:25.0828 5904	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:25.0947 5904	USBSTOR - ok
14:44:26.0047 5904	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
14:44:26.0128 5904	usbuhci - ok
14:44:26.0189 5904	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
14:44:26.0289 5904	usbvideo - ok
14:44:26.0426 5904	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:44:26.0489 5904	vdrvroot - ok
14:44:26.0572 5904	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:26.0665 5904	vga - ok
14:44:26.0772 5904	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:44:26.0892 5904	VgaSave - ok
14:44:26.0910 5904	VGPU - ok
14:44:26.0968 5904	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:44:27.0040 5904	vhdmp - ok
14:44:27.0168 5904	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:44:27.0238 5904	viaagp - ok
14:44:27.0278 5904	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
14:44:27.0364 5904	ViaC7 - ok
14:44:27.0414 5904	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:44:27.0499 5904	viaide - ok
14:44:27.0624 5904	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:44:27.0697 5904	volmgr - ok
14:44:27.0739 5904	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:44:27.0823 5904	volmgrx - ok
14:44:27.0878 5904	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:44:27.0965 5904	volsnap - ok
14:44:28.0018 5904	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
14:44:28.0089 5904	vsmraid - ok
14:44:28.0128 5904	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:44:28.0214 5904	vwifibus - ok
14:44:28.0260 5904	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:44:28.0337 5904	vwififlt - ok
14:44:28.0428 5904	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
14:44:28.0515 5904	vwifimp - ok
14:44:28.0576 5904	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
14:44:28.0677 5904	WacomPen - ok
14:44:28.0799 5904	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:28.0937 5904	WANARP - ok
14:44:28.0955 5904	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:29.0069 5904	Wanarpv6 - ok
14:44:29.0295 5904	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
14:44:29.0352 5904	Wd - ok
14:44:29.0404 5904	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:44:29.0497 5904	Wdf01000 - ok
14:44:29.0706 5904	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:29.0833 5904	WfpLwf - ok
14:44:30.0096 5904	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:44:30.0163 5904	WIMMount - ok
14:44:30.0386 5904	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:44:30.0467 5904	WmiAcpi - ok
14:44:30.0730 5904	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:44:30.0864 5904	ws2ifsl - ok
14:44:31.0012 5904	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:44:31.0149 5904	WudfPf - ok
14:44:31.0267 5904	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:31.0377 5904	WUDFRd - ok
14:44:31.0530 5904	ZTEusbmdm6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
14:44:31.0675 5904	ZTEusbmdm6k - ok
14:44:31.0774 5904	ZTEusbnet       (9862f9d2ff50ae748ed42c022e6aac15) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
14:44:31.0907 5904	ZTEusbnet - ok
14:44:32.0019 5904	ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
14:44:32.0192 5904	ZTEusbnmea - ok
14:44:32.0302 5904	ZTEusbser6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
14:44:32.0389 5904	ZTEusbser6k - ok
14:44:32.0430 5904	ZTEusbvoice     (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
14:44:32.0521 5904	ZTEusbvoice - ok
14:44:32.0598 5904	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:44:32.0826 5904	\Device\Harddisk0\DR0 - ok
14:44:32.0843 5904	Boot (0x1200)   (a06662882eb9310df21722fe53a799e9) \Device\Harddisk0\DR0\Partition0
14:44:32.0845 5904	\Device\Harddisk0\DR0\Partition0 - ok
14:44:32.0861 5904	Boot (0x1200)   (00fbd6a8de93ed48f849a37cbe59a8f8) \Device\Harddisk0\DR0\Partition1
14:44:32.0863 5904	\Device\Harddisk0\DR0\Partition1 - ok
14:44:32.0882 5904	Boot (0x1200)   (886be5f3db714a0808fbd86a07cf5a56) \Device\Harddisk0\DR0\Partition2
14:44:32.0885 5904	\Device\Harddisk0\DR0\Partition2 - ok
14:44:32.0886 5904	============================================================
14:44:32.0886 5904	Scan finished
14:44:32.0886 5904	============================================================
14:44:32.0923 4236	Detected object count: 1
14:44:32.0923 4236	Actual detected object count: 1
14:44:48.0028 4236	sptd ( LockedFile.Multi.Generic ) - skipped by user
14:44:48.0028 4236	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         
Doesn't look so bad at all, does it?

Alt 02.01.2012, 15:07   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 02.01.2012, 16:11   #12
biberbruder
 
Hi cosinus,

here is the report from CF:

ComboFix logfile:
Code:
ComboFix 12-01-02.01 - XXXX 02.01.2012  15:26:17.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.1013.388 [GMT 1:00]
ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\XXXX\Documents\~WRL0003.tmp
c:\windows\$NtUninstallKB8252$
c:\windows\$NtUninstallKB8252$\3152536925
c:\windows\$NtUninstallKB8252$\3954193523\@
c:\windows\$NtUninstallKB8252$\3954193523\L\xadqgnnk
c:\windows\$NtUninstallKB8252$\3954193523\loader.tlb
c:\windows\$NtUninstallKB8252$\3954193523\U\@00000001
c:\windows\$NtUninstallKB8252$\3954193523\U\@000000c0
c:\windows\$NtUninstallKB8252$\3954193523\U\@000000cb
c:\windows\$NtUninstallKB8252$\3954193523\U\@000000cf
c:\windows\$NtUninstallKB8252$\3954193523\U\@80000000
c:\windows\$NtUninstallKB8252$\3954193523\U\@800000c0
c:\windows\$NtUninstallKB8252$\3954193523\U\@800000cb
c:\windows\$NtUninstallKB8252$\3954193523\U\@800000cf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))
.
.
2012-01-02 14:44 . 2012-01-02 14:47	--------	d-----w-	c:\users\XXXX\AppData\Local\temp
2012-01-02 14:44 . 2012-01-02 14:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-02 14:35 . 2012-01-02 14:46	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B23F984-7874-413C-B169-8E70F000B7DE}\offreg.dll
2012-01-02 14:35 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B23F984-7874-413C-B169-8E70F000B7DE}\mpengine.dll
2012-01-02 14:22 . 2011-04-25 02:18	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2012-01-02 13:01 . 2012-01-02 13:01	--------	d-----w-	C:\_OTL
2011-12-31 06:18 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-30 19:54 . 2011-12-30 19:54	--------	d-----w-	c:\users\XXXX\AppData\Local\Amazon
2011-12-30 19:54 . 2011-12-30 19:54	--------	d-----w-	c:\program files\Amazon
2011-12-30 14:08 . 2011-11-24 04:25	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-12-30 14:08 . 2011-11-05 04:26	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-30 14:07 . 2011-10-15 05:38	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-12-30 14:07 . 2011-10-26 04:28	38912	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-30 14:06 . 2011-10-26 04:47	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-30 14:06 . 2011-10-26 04:47	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-30 04:56 . 2011-12-30 04:56	--------	d-----w-	c:\program files\ESET
2011-12-29 17:18 . 2011-12-29 17:18	--------	d-----w-	c:\users\XXXX\AppData\Roaming\Malwarebytes
2011-12-29 17:17 . 2011-12-29 17:17	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-29 17:17 . 2011-12-31 06:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-26 18:04 . 2011-12-30 13:37	--------	d-----w-	C:\Closeall
2011-12-14 11:22 . 2011-12-14 11:22	--------	d-----w-	c:\users\XXXX\AppData\Roaming\Rovio
2011-12-14 11:20 . 2011-12-30 13:37	--------	d-----w-	c:\program files\AngryBirds
2011-12-14 09:18 . 2011-12-30 13:37	--------	d-----w-	c:\program files\Finale 2009 Demo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 08:46 . 2011-11-27 08:46	1409	----a-w-	c:\windows\QTFont.for
2011-11-21 10:47 . 2011-08-01 19:21	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 13:32 . 2011-11-18 13:32	499712	----a-w-	c:\windows\system32\msvcp71.dll
2011-11-18 13:32 . 2011-11-18 13:32	348160	----a-w-	c:\windows\system32\msvcr71.dll
2011-11-11 18:36 . 2011-06-05 14:32	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 07:30 . 2011-10-11 07:31	703824	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91F289DD-5888-4D1D-A290-EC24EF7F5FB1}\gapaengine.dll
2010-03-31 09:09 . 2010-03-31 09:09	10437264	----a-w-	c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 11:36 . 2010-04-08 11:36	107760	----a-w-	c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-11-10 05:35 . 2011-06-05 14:21	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-18 296056]
"Uniboard virtual printer agent"="c:\program files\Uniboard 4\ubrdagent.exe" [2009-08-27 94208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2010-06-11 12:28	715296	----a-w-	c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager]
2010-01-08 09:47	508280	----a-w-	c:\program files\Acer\Android Manager\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Netzwerk)]
2011-07-19 06:02	201216	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-20 17:47	136176	----atw-	c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPatchData]
2010-11-30 02:13	489848	----a-w-	c:\program files\Acer\Updater\iUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncData]
2010-01-08 09:53	407416	----a-w-	c:\program files\Acer\Android Manager\iSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-06-22 06:34	968272	----a-w-	c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-04-20 16:20	2327552	----a-w-	c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x]
R1 MpKsl0415a17a;MpKsl0415a17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CAFB7B-B1A4-4BC6-965D-53A2EBFF0EC6}\MpKsl0415a17a.sys [x]
R1 MpKsl0ce4fbda;MpKsl0ce4fbda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{226C1614-04E9-4FA7-8A85-43351DF1452E}\MpKsl0ce4fbda.sys [x]
R1 MpKsl0fec7b90;MpKsl0fec7b90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5363F6DE-C0E9-42E1-9D19-A6A03AF97927}\MpKsl0fec7b90.sys [x]
R1 MpKsl196bd21b;MpKsl196bd21b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583F41C-7C3C-428A-9F94-0241211680EA}\MpKsl196bd21b.sys [x]
R1 MpKsl2607df49;MpKsl2607df49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC8F7EFF-663D-47CA-8E8D-A2F08CB20CA1}\MpKsl2607df49.sys [x]
R1 MpKsl264939d0;MpKsl264939d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl264939d0.sys [x]
R1 MpKsl29daf26c;MpKsl29daf26c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl29daf26c.sys [x]
R1 MpKsl2ff64951;MpKsl2ff64951;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl2ff64951.sys [x]
R1 MpKsl3157fefe;MpKsl3157fefe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl3157fefe.sys [x]
R1 MpKsl32784dd6;MpKsl32784dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl32784dd6.sys [x]
R1 MpKsl39de850c;MpKsl39de850c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl39de850c.sys [x]
R1 MpKsl3b15d3df;MpKsl3b15d3df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CD785C-CEC5-4269-A8C0-02BE77C7276A}\MpKsl3b15d3df.sys [x]
R1 MpKsl3b20d1df;MpKsl3b20d1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9247875B-6B15-4054-94B1-36A342ACCA51}\MpKsl3b20d1df.sys [x]
R1 MpKsl42ad931c;MpKsl42ad931c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4314C7D-B49C-4236-8AF5-4AF0A1CB514C}\MpKsl42ad931c.sys [x]
R1 MpKsl4b58eb93;MpKsl4b58eb93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl4b58eb93.sys [x]
R1 MpKsl530ba384;MpKsl530ba384;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B655E456-CA33-44A9-876F-2566EF045783}\MpKsl530ba384.sys [x]
R1 MpKsl56cbc87c;MpKsl56cbc87c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BAF7D75-2455-4C12-B3DB-2627F7E0C222}\MpKsl56cbc87c.sys [x]
R1 MpKsl591c3512;MpKsl591c3512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2309F098-9DF0-4428-A04B-4E4C3A860FA9}\MpKsl591c3512.sys [x]
R1 MpKsl5dd51386;MpKsl5dd51386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl5dd51386.sys [x]
R1 MpKsl60a39861;MpKsl60a39861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A559CAC5-CCC0-44CA-BD53-7D16E39A2950}\MpKsl60a39861.sys [x]
R1 MpKsl66ddca17;MpKsl66ddca17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDFA5914-EF9B-4DCD-AF44-8A45F460628E}\MpKsl66ddca17.sys [x]
R1 MpKsl73a19290;MpKsl73a19290;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31463DE6-8107-4DCB-A1B2-7E1C67449C78}\MpKsl73a19290.sys [x]
R1 MpKsl8250f1ca;MpKsl8250f1ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE7DB756-E1A3-4734-971D-0224EF1824FB}\MpKsl8250f1ca.sys [x]
R1 MpKsl87dd9996;MpKsl87dd9996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl87dd9996.sys [x]
R1 MpKsl8c8877d0;MpKsl8c8877d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10975C14-CC0D-4EC9-BB16-8B882079BDBB}\MpKsl8c8877d0.sys [x]
R1 MpKsl9adc85e3;MpKsl9adc85e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CB37EA3-803A-4B4F-B500-D2E904DEB5FF}\MpKsl9adc85e3.sys [x]
R1 MpKslabc6275f;MpKslabc6275f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E30EB4AE-B0CC-4648-9C99-937033DE171F}\MpKslabc6275f.sys [x]
R1 MpKslacd9d4c8;MpKslacd9d4c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKslacd9d4c8.sys [x]
R1 MpKslad072f99;MpKslad072f99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71A4E9C-600F-4777-A00A-86BDF0B458C1}\MpKslad072f99.sys [x]
R1 MpKslafa01a84;MpKslafa01a84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5074FC6-C8A1-4C9E-84FC-A1F015AF4F85}\MpKslafa01a84.sys [x]
R1 MpKslbed8239e;MpKslbed8239e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4968A468-FEC9-432D-8334-ED6D41CAB976}\MpKslbed8239e.sys [x]
R1 MpKslcf848c6c;MpKslcf848c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4984F29D-9D0F-41B0-84A8-9C1A7995DC08}\MpKslcf848c6c.sys [x]
R1 MpKsld0bc60c8;MpKsld0bc60c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsld0bc60c8.sys [x]
R1 MpKsld47cdf20;MpKsld47cdf20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFBD7F7-F09B-45DA-9E1D-1CBD3B15AB2B}\MpKsld47cdf20.sys [x]
R1 MpKsld6316ddf;MpKsld6316ddf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2C2A1ED-AD6E-4C44-8B4C-A63EBFF9C180}\MpKsld6316ddf.sys [x]
R1 MpKsld7678723;MpKsld7678723;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F4C0B7-3720-46E0-BEC8-D25CE2AD277B}\MpKsld7678723.sys [x]
R1 MpKslf78ff9e9;MpKslf78ff9e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{257C8F7F-1361-4019-9037-D54251CEAC24}\MpKslf78ff9e9.sys [x]
R1 MpKslf96a787e;MpKslf96a787e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C3E59AE-123D-4005-A46C-B327BFC4A587}\MpKslf96a787e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-10-05 237056]
R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-10-05 1060352]
R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-10-05 484352]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
- c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
- c:\users\XXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\LocationNotifications.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-02  15:53:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-02 14:53
.
Vor Suchlauf: 13 Verzeichnis(se), 166.733.926.400 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 166.488.657.920 Bytes frei
.
- - End Of File - - ABD854930188BB9EC9AE5AD07FFB25E4
         
--- --- ---

02.01.2012, 16:25   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ComboFix scripting

1. Start Notepad (Start / Run / notepad[Enter]).

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
File::
c:\windows\system32\drivers\rdvgkmd.sys

Driver::
VGPU
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be installed.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the reboot (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was written only for this one user in this one situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

02.01.2012, 18:18   #14
biberbruder

Hello,

here is the log file:
ComboFix log file:
Code:
ComboFix 12-01-02.01 - XXX 02.01.2012  16:41:41.2.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.1013.248 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\XXX\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\rdvgkmd.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VGPU
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))
.
.
2012-01-02 15:59 . 2012-01-02 15:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-02 15:30 . 2012-01-02 15:30	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\MpKsl9bb1ceb2.sys
2012-01-02 15:30 . 2012-01-02 16:01	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\offreg.dll
2012-01-02 15:30 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\mpengine.dll
2012-01-02 14:44 . 2012-01-02 16:01	--------	d-----w-	c:\users\XXX\AppData\Local\temp
2012-01-02 14:22 . 2011-04-25 02:18	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2012-01-02 13:01 . 2012-01-02 13:01	--------	d-----w-	C:\_OTL
2011-12-31 06:18 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-30 19:54 . 2011-12-30 19:54	--------	d-----w-	c:\users\XXX\AppData\Local\Amazon
2011-12-30 19:54 . 2011-12-30 19:54	--------	d-----w-	c:\program files\Amazon
2011-12-30 14:08 . 2011-11-24 04:25	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-12-30 14:08 . 2011-11-05 04:26	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-30 14:07 . 2011-10-15 05:38	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-12-30 14:07 . 2011-10-26 04:28	38912	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-30 14:06 . 2011-10-26 04:47	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-30 14:06 . 2011-10-26 04:47	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-30 04:56 . 2011-12-30 04:56	--------	d-----w-	c:\program files\ESET
2011-12-29 17:18 . 2011-12-29 17:18	--------	d-----w-	c:\users\XXX\AppData\Roaming\Malwarebytes
2011-12-29 17:17 . 2011-12-29 17:17	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-29 17:17 . 2011-12-31 06:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-26 18:04 . 2011-12-30 13:37	--------	d-----w-	C:\Closeall
2011-12-14 11:22 . 2011-12-14 11:22	--------	d-----w-	c:\users\XXX\AppData\Roaming\Rovio
2011-12-14 11:20 . 2011-12-30 13:37	--------	d-----w-	c:\program files\AngryBirds
2011-12-14 09:18 . 2011-12-30 13:37	--------	d-----w-	c:\program files\Finale 2009 Demo
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 08:46 . 2011-11-27 08:46	1409	----a-w-	c:\windows\QTFont.for
2011-11-21 10:47 . 2011-08-01 19:21	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 13:32 . 2011-11-18 13:32	499712	----a-w-	c:\windows\system32\msvcp71.dll
2011-11-18 13:32 . 2011-11-18 13:32	348160	----a-w-	c:\windows\system32\msvcr71.dll
2011-11-11 18:36 . 2011-06-05 14:32	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 07:30 . 2011-10-11 07:31	703824	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91F289DD-5888-4D1D-A290-EC24EF7F5FB1}\gapaengine.dll
2010-03-31 09:09 . 2010-03-31 09:09	10437264	----a-w-	c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 11:36 . 2010-04-08 11:36	107760	----a-w-	c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-11-10 05:35 . 2011-06-05 14:21	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-18 296056]
"Uniboard virtual printer agent"="c:\program files\Uniboard 4\ubrdagent.exe" [2009-08-27 94208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2010-06-11 12:28	715296	----a-w-	c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidManager]
2010-01-08 09:47	508280	----a-w-	c:\program files\Acer\Android Manager\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Netzwerk)]
2011-07-19 06:02	201216	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-20 17:47	136176	----atw-	c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPatchData]
2010-11-30 02:13	489848	----a-w-	c:\program files\Acer\Updater\iUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSyncData]
2010-01-08 09:53	407416	----a-w-	c:\program files\Acer\Android Manager\iSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-06-22 06:34	968272	----a-w-	c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-04-20 16:20	2327552	----a-w-	c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x]
R1 MpKsl0415a17a;MpKsl0415a17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CAFB7B-B1A4-4BC6-965D-53A2EBFF0EC6}\MpKsl0415a17a.sys [x]
R1 MpKsl0ce4fbda;MpKsl0ce4fbda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{226C1614-04E9-4FA7-8A85-43351DF1452E}\MpKsl0ce4fbda.sys [x]
R1 MpKsl0fec7b90;MpKsl0fec7b90;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5363F6DE-C0E9-42E1-9D19-A6A03AF97927}\MpKsl0fec7b90.sys [x]
R1 MpKsl196bd21b;MpKsl196bd21b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F583F41C-7C3C-428A-9F94-0241211680EA}\MpKsl196bd21b.sys [x]
R1 MpKsl2607df49;MpKsl2607df49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC8F7EFF-663D-47CA-8E8D-A2F08CB20CA1}\MpKsl2607df49.sys [x]
R1 MpKsl264939d0;MpKsl264939d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl264939d0.sys [x]
R1 MpKsl29daf26c;MpKsl29daf26c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl29daf26c.sys [x]
R1 MpKsl2ff64951;MpKsl2ff64951;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44B8F922-8674-4361-9D4A-6F7BC90D132A}\MpKsl2ff64951.sys [x]
R1 MpKsl3157fefe;MpKsl3157fefe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl3157fefe.sys [x]
R1 MpKsl32784dd6;MpKsl32784dd6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{739B6494-E1F8-4F3E-A4AD-2635939D4307}\MpKsl32784dd6.sys [x]
R1 MpKsl39de850c;MpKsl39de850c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl39de850c.sys [x]
R1 MpKsl3b15d3df;MpKsl3b15d3df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0CD785C-CEC5-4269-A8C0-02BE77C7276A}\MpKsl3b15d3df.sys [x]
R1 MpKsl3b20d1df;MpKsl3b20d1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9247875B-6B15-4054-94B1-36A342ACCA51}\MpKsl3b20d1df.sys [x]
R1 MpKsl42ad931c;MpKsl42ad931c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4314C7D-B49C-4236-8AF5-4AF0A1CB514C}\MpKsl42ad931c.sys [x]
R1 MpKsl4b58eb93;MpKsl4b58eb93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8F9B1DF-A4A6-4053-B1B5-AFF15E5610BA}\MpKsl4b58eb93.sys [x]
R1 MpKsl530ba384;MpKsl530ba384;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B655E456-CA33-44A9-876F-2566EF045783}\MpKsl530ba384.sys [x]
R1 MpKsl56cbc87c;MpKsl56cbc87c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BAF7D75-2455-4C12-B3DB-2627F7E0C222}\MpKsl56cbc87c.sys [x]
R1 MpKsl591c3512;MpKsl591c3512;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2309F098-9DF0-4428-A04B-4E4C3A860FA9}\MpKsl591c3512.sys [x]
R1 MpKsl5dd51386;MpKsl5dd51386;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl5dd51386.sys [x]
R1 MpKsl60a39861;MpKsl60a39861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A559CAC5-CCC0-44CA-BD53-7D16E39A2950}\MpKsl60a39861.sys [x]
R1 MpKsl66ddca17;MpKsl66ddca17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDFA5914-EF9B-4DCD-AF44-8A45F460628E}\MpKsl66ddca17.sys [x]
R1 MpKsl73a19290;MpKsl73a19290;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31463DE6-8107-4DCB-A1B2-7E1C67449C78}\MpKsl73a19290.sys [x]
R1 MpKsl8250f1ca;MpKsl8250f1ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE7DB756-E1A3-4734-971D-0224EF1824FB}\MpKsl8250f1ca.sys [x]
R1 MpKsl87dd9996;MpKsl87dd9996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DA91449-AF5F-49CD-BB42-57A9A5FC96A0}\MpKsl87dd9996.sys [x]
R1 MpKsl8c8877d0;MpKsl8c8877d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10975C14-CC0D-4EC9-BB16-8B882079BDBB}\MpKsl8c8877d0.sys [x]
R1 MpKsl9adc85e3;MpKsl9adc85e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CB37EA3-803A-4B4F-B500-D2E904DEB5FF}\MpKsl9adc85e3.sys [x]
R1 MpKslabc6275f;MpKslabc6275f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E30EB4AE-B0CC-4648-9C99-937033DE171F}\MpKslabc6275f.sys [x]
R1 MpKslacd9d4c8;MpKslacd9d4c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A3880D1-C127-41E7-B79E-8A7A1D077D23}\MpKslacd9d4c8.sys [x]
R1 MpKslad072f99;MpKslad072f99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71A4E9C-600F-4777-A00A-86BDF0B458C1}\MpKslad072f99.sys [x]
R1 MpKslafa01a84;MpKslafa01a84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5074FC6-C8A1-4C9E-84FC-A1F015AF4F85}\MpKslafa01a84.sys [x]
R1 MpKslbed8239e;MpKslbed8239e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4968A468-FEC9-432D-8334-ED6D41CAB976}\MpKslbed8239e.sys [x]
R1 MpKslcf848c6c;MpKslcf848c6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4984F29D-9D0F-41B0-84A8-9C1A7995DC08}\MpKslcf848c6c.sys [x]
R1 MpKsld0bc60c8;MpKsld0bc60c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EBD368F-E828-457E-BDC1-CBB385C672EC}\MpKsld0bc60c8.sys [x]
R1 MpKsld47cdf20;MpKsld47cdf20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFBD7F7-F09B-45DA-9E1D-1CBD3B15AB2B}\MpKsld47cdf20.sys [x]
R1 MpKsld6316ddf;MpKsld6316ddf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2C2A1ED-AD6E-4C44-8B4C-A63EBFF9C180}\MpKsld6316ddf.sys [x]
R1 MpKsld7678723;MpKsld7678723;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F4C0B7-3720-46E0-BEC8-D25CE2AD277B}\MpKsld7678723.sys [x]
R1 MpKslf78ff9e9;MpKslf78ff9e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{257C8F7F-1361-4019-9037-D54251CEAC24}\MpKslf78ff9e9.sys [x]
R1 MpKslf96a787e;MpKslf96a787e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C3E59AE-123D-4005-A46C-B327BFC4A587}\MpKslf96a787e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
R4 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-10-05 237056]
R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-10-05 1060352]
R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-10-05 484352]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 MpKsl9bb1ceb2;MpKsl9bb1ceb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D6C28-6288-4A8A-B8C1-D2909AE180EC}\MpKsl9bb1ceb2.sys [2012-01-02 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 13:34]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000Core.job
- c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2822331851-1568947184-2201269325-1000UA.job
- c:\users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 17:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\wo2dmo0j.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\LocationNotifications.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-02  17:07:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-02 16:07
ComboFix2.txt  2012-01-02 14:53
.
Vor Suchlauf: 18 Verzeichnis(se), 166.298.136.576 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 166.261.014.528 Bytes frei
.
- - End Of File - - E7AA46074EE18DE81C3215D70E28B926
         
--- --- ---

Unfortunately I was not able to disable the Windows Firewall... I hope the run still has a chance of succeeding.
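The ComboFix log posted above is the only record of what the script actually did, and it also carries findings the helper has not yet commented on: the `policies\system` block shows `"EnableLUA"= 0` and `"ConsentPromptBehaviorAdmin"= 0` (UAC switched off entirely), and several registered services end in `[x]`, ComboFix's marker for a service whose binary was not found on disk. The following parser is an added example, not code from the thread or from ComboFix, that pulls exactly those items out of a ComboFix log: the `FILE ::` deletions and `-------\Service_…` removals the CFScript produced, the UAC policy values, and the `R#`/`S#` service lines. The sample log is constructed from lines quoted in this thread (section names are the German ones ComboFix printed on this system). Treating the `MpKsl…` drivers as expected noise is an assumption made here (they are Microsoft Security Essentials' per-definition-update drivers, which routinely leave stale registrations behind), as is the `[x]` interpretation; verify both against the ComboFix documentation before relying on them.

```python
"""Extract security-relevant findings from a ComboFix log excerpt.

Added example for this thread; not part of ComboFix or of the original
posts.  SAMPLE_LOG is a constructed excerpt assembled from lines quoted
in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample in the layout ComboFix used on this machine.
SAMPLE_LOG = r"""ComboFix 12-01-02.01 - XXX 02.01.2012  16:41:41.2.4 - x86
Benutzte Befehlsschalter :: c:\users\XXX\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\rdvgkmd.sys"
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_VGPU
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 MpKsl03a4c6da;MpKsl03a4c6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C195B4E7-D3D0-4BD3-ADC8-ACAD45D99179}\MpKsl03a4c6da.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
"""


@dataclass(frozen=True)
class Service:
    start: str            # "R1" = running, start type 1; "S2" = stopped, start type 2
    name: str
    path: str
    binary_present: bool  # False when ComboFix printed "[x]" instead of a date/size


# "R1 name;display;path [2011-12-24 652872]" or "... [x]"
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);[^;]*;(.+?)\s+\[([^\]]*)\]\s*$')
POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')


def parse_file_deletions(text):
    """Paths listed under the 'FILE ::' header (deleted by the CFScript)."""
    paths, collecting = [], False
    for line in text.splitlines():
        if line.strip() == "FILE ::":
            collecting = True
            continue
        if collecting:
            if line.strip() == ".":
                break
            paths.append(line.strip().strip('"'))
    return paths


def parse_removed_services(text):
    """Service names removed by a 'Driver::' directive ('-------\\Service_NAME')."""
    return [m.group(1) for m in re.finditer(r'^-------\\Service_(\S+)', text, re.M)]


def parse_policy_values(text):
    """Integer values of the UAC policy key, e.g. {'EnableLUA': 0, ...}."""
    values, in_key = {}, False
    for line in text.splitlines():
        if line.startswith("["):
            in_key = line.strip().lower() == POLICY_KEY.lower()
            continue
        if in_key:
            m = VALUE_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2))
    return values


def parse_services(text):
    """All R#/S# service lines as Service records."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            out.append(Service(m.group(1), m.group(2), m.group(3), m.group(4) != "x"))
    return out


def findings(text):
    """Human-readable list of what a reviewer should look at first."""
    out = []
    policy = parse_policy_values(text)
    if policy.get("EnableLUA") == 0:
        out.append("UAC disabled (EnableLUA=0): every admin process runs fully elevated")
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        out.append("UAC elevates without prompting (ConsentPromptBehaviorAdmin=0)")
    for svc in parse_services(text):
        # Assumption: MpKsl* entries are MSE definition-update leftovers, not findings.
        if not svc.binary_present and not svc.name.startswith("MpKsl"):
            out.append(f"service {svc.name} ({svc.start}) registered but binary missing: {svc.path}")
    for p in parse_file_deletions(text):
        out.append(f"script deleted file: {p}")
    for s in parse_removed_services(text):
        out.append(f"script removed service: {s}")
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_LOG):
        print("-", item)
```

Run it against a full ComboFix.txt by replacing `SAMPLE_LOG` with the file contents; the `[x]` services it lists (here `Synth3dVsc` and `sptd`) are the ones to cross-check with `sc query` on the machine, and the UAC lines are a reminder that the post-cleanup hardening step on this system is re-enabling UAC, which the thread's script does not touch.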

02.01.2012, 21:01   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

