Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
    -   Service "Windows Security Center" cannot be activated (https://www.trojaner-board.de/100389-dienst-windows-sicherheitscenter-laesst-aktivieren.html)

freiform 15.06.2011 21:38

Service "Windows Security Center" cannot be activated
 
Hello,
since yesterday (at least I did not notice it before) the service for the Security Center can no longer be started. Furthermore, system backup/restore and MS Security Essentials (the window opens briefly and then disappears again) do not work either.
The service is disabled; if I try to enable it and start it manually, it is stopped and disabled again shortly afterwards.
I have scanned the system with both Anti-Malware and MS Safety Scanner, but without any positive result. The behaviour does seem rather strange to me.

Attached is the otl.txt, maybe there is something interesting in it..

Thanks and regards.

Code:

OTL logfile created on: 15.06.2011 22:12:24 - Run 2
OTL by OldTimer - Version 3.2.24.0    Folder = C:\Users\chi\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 76,95% Memory free
6,00 Gb Paging File | 4,60 Gb Available in Paging File | 76,67% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 23,27 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive D: | 858,27 Gb Total Space | 82,86 Gb Free Space | 9,65% Space Free | Partition Type: NTFS
Drive E: | 833,85 Gb Total Space | 48,11 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive M: | 3,72 Gb Total Space | 1,16 Gb Free Space | 31,34% Space Free | Partition Type: FAT32
Drive Y: | 73,14 Gb Total Space | 73,04 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: STATIC | User Name: chi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.15 16:49:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\chi\Desktop\OTL.exe
PRC - [2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\chi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.06.17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.15 16:49:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\chi\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.16 18:35:14 | 000,156,912 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.09.28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.21 22:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.04 13:13:24 | 000,840,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV:64bit: - [2009.11.04 13:13:24 | 000,026,688 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Cinergy_Hybrid-Stick_HID.sys -- (TTHID)
DRV:64bit: - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.30 13:45:52 | 000,020,352 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010.12.05 15:20:38 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\chi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 C0 5D 5D 68 2B CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.6
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: linkgopher@oooninja.com:1.3.2
FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0\components [2011.03.23 18:46:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0\plugins [2011.03.14 11:55:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.30 01:59:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.14 11:55:40 | 000,000,000 | ---D | M]
 
[2011.01.21 17:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chi\AppData\Roaming\mozilla\Extensions
[2009.10.02 17:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.31 00:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chi\AppData\Roaming\mozilla\Firefox\Profiles\jn1rmkw8.default\extensions
[2011.05.31 00:28:02 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\chi\AppData\Roaming\mozilla\Firefox\Profiles\jn1rmkw8.default\extensions\foxmarks@kei.com
[2011.01.21 17:36:36 | 000,000,000 | ---D | M] (Link Gopher) -- C:\Users\chi\AppData\Roaming\mozilla\Firefox\Profiles\jn1rmkw8.default\extensions\linkgopher@oooninja.com
[2010.08.03 10:39:56 | 000,001,660 | ---- | M] () -- C:\Users\chi\AppData\Roaming\Mozilla\Firefox\Profiles\jn1rmkw8.default\searchplugins\leo-deu-eng.xml
[2009.10.11 22:18:05 | 000,001,340 | ---- | M] () -- C:\Users\chi\AppData\Roaming\Mozilla\Firefox\Profiles\jn1rmkw8.default\searchplugins\wikipedia-en.xml
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\IZER@CAMELCAMELCAMEL.COM.XPI
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\chi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c86ee0ac-cf8d-11df-add0-00218519f580}\Shell - "" = AutoRun
O33 - MountPoints2\{c86ee0ac-cf8d-11df-add0-00218519f580}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.15 20:56:09 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2011.06.15 20:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2011.06.15 20:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Cleaner Pro
[2011.06.15 20:53:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.15 20:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.06.15 20:16:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.06.15 17:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.06.15 17:22:43 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.06.15 16:49:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\chi\Desktop\OTL.exe
[2011.06.15 16:33:07 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.06.15 16:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.15 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.06.15 15:53:35 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\ElevatedDiagnostics
[2011.06.15 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\VSRevoGroup
[2011.06.15 00:40:37 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\Malwarebytes
[2011.06.15 00:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.15 00:40:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.06.14 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\FFSJ
[2011.06.12 23:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader_nightly
[2011.06.11 12:31:08 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\MediaMonkey
[2011.06.10 17:08:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server
[2011.06.10 17:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011.06.10 17:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2011.06.10 17:08:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2011.06.10 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.06.10 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011.06.10 17:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2011.06.10 17:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK - Deutsch
[2011.06.10 17:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2011.06.10 17:04:23 | 000,000,000 | ---D | C] -- C:\Programme\IIS
[2011.06.10 17:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2011.06.10 17:03:46 | 000,000,000 | ---D | C] -- C:\Users\chi\Documents\Visual Studio 2008
[2011.06.10 16:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2011.06.10 16:59:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031
[2011.06.10 16:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2011.06.10 16:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2011.06.10 16:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011.06.10 16:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2011.06.10 16:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011.06.10 16:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011.06.10 16:56:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031
[2011.06.10 16:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.06.09 16:18:38 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.06.09 16:18:38 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.06.09 11:40:17 | 000,000,000 | ---D | C] -- C:\Users\chi\Desktop\Sprachverarbeitung
[2011.06.08 14:34:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.4
[2011.06.08 14:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.4
[2011.06.08 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.06.07 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\2DBoy
[2011.06.07 20:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011.06.07 19:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011.06.07 19:16:55 | 000,000,000 | ---D | C] -- C:\Programme\VirtualBox
[2011.06.04 01:21:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Xbox 360 Accessories
[2011.06.04 01:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2011.05.31 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2011.05.31 18:06:05 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\CCP
[2011.05.31 00:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011.05.31 00:28:38 | 000,000,000 | ---D | C] -- C:\Users\chi\SystemRequirementsLab
[2011.05.31 00:16:03 | 000,000,000 | ---D | C] -- C:\Users\chi\Documents\Witcher 2
[2011.05.31 00:16:03 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\The Witcher 2
[2011.05.31 00:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2011.05.30 20:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.05.29 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.15 22:08:58 | 000,000,000 | ---- | M] () -- C:\Users\chi\defogger_reenable
[2011.06.15 22:06:40 | 000,050,477 | ---- | M] () -- C:\Users\chi\Desktop\Defogger.exe
[2011.06.15 22:05:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-902355652-2286816670-1636548934-1000UA.job
[2011.06.15 21:21:02 | 000,015,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.15 21:21:02 | 000,015,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.15 21:18:10 | 001,649,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.15 21:18:10 | 000,709,520 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.15 21:18:10 | 000,663,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.15 21:18:10 | 000,154,012 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.15 21:18:10 | 000,126,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.15 21:13:58 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ZGCKQH.job
[2011.06.15 21:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.15 21:13:52 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.15 17:23:06 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.06.15 17:22:51 | 001,670,878 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.15 16:49:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\chi\Desktop\OTL.exe
[2011.06.15 15:05:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-902355652-2286816670-1636548934-1000Core.job
[2011.06.14 22:07:54 | 000,299,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.14 13:33:25 | 000,112,128 | RHS- | M] () -- C:\Windows\SysWow64\fingers.dll
[2011.06.02 20:36:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.06.01 16:41:52 | 000,000,158 | ---- | M] () -- C:\Windows\matlab.ini
[2011.05.30 16:20:02 | 000,000,959 | ---- | M] () -- C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.25 09:25:27 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.05.25 09:25:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.05.25 09:25:23 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.15 22:08:58 | 000,000,000 | ---- | C] () -- C:\Users\chi\defogger_reenable
[2011.06.15 22:06:40 | 000,050,477 | ---- | C] () -- C:\Users\chi\Desktop\Defogger.exe
[2011.06.15 17:22:45 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.06.14 13:33:25 | 000,112,128 | RHS- | C] () -- C:\Windows\SysWow64\fingers.dll
[2011.06.14 13:33:25 | 000,000,300 | -HS- | C] () -- C:\Windows\tasks\ZGCKQH.job
[2011.06.02 20:36:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.04.12 19:40:31 | 000,000,337 | ---- | C] () -- C:\Users\chi\AppData\Local\Perfmon.PerfmonCfg
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.21 13:46:52 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2011.01.14 21:05:37 | 000,099,548 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.12.07 00:16:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.11 01:06:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.03 10:47:52 | 000,000,091 | ---- | C] () -- C:\Users\chi\AppData\Local\fusioncache.dat
[2010.10.16 19:20:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.14 07:59:20 | 001,670,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.03 16:34:06 | 000,007,605 | ---- | C] () -- C:\Users\chi\AppData\Local\Resmon.ResmonCfg
[2010.10.02 15:06:08 | 000,000,158 | ---- | C] () -- C:\Windows\matlab.ini
[2010.10.02 13:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.02.09 22:57:02 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\.kde
[2011.04.15 00:01:50 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\.minecraft
[2011.03.18 13:11:19 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\.purple
[2010.10.31 14:43:48 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\benibela
[2011.04.03 22:26:47 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\calibre
[2011.02.13 00:48:34 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\CDisplayEx
[2011.06.15 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Dropbox
[2011.06.14 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\FFSJ
[2011.06.08 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\foobar2000
[2010.10.15 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\InfraRecorder
[2011.02.09 22:30:32 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\KDE
[2011.06.08 14:37:32 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\LibreOffice
[2010.10.04 12:23:56 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Miranda
[2011.02.22 00:11:57 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Mp3tag
[2010.12.22 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Notepad++
[2010.10.02 19:35:38 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\SumatraPDF
[2011.06.15 22:10:41 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\TeraCopy
[2010.10.24 19:55:48 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\TerraTec
[2010.10.02 16:38:48 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Thunderbird
[2011.04.10 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Unity
[2011.06.15 13:18:35 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\VSRevoGroup
[2011.03.13 19:00:40 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\xm1
[2011.02.06 11:54:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.15 21:13:58 | 000,000,300 | -HS- | M] () -- C:\Windows\Tasks\ZGCKQH.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.06.15 13:53:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.06.15 21:13:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.02 13:59:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.15 17:22:43 | 000,000,000 | R--D | M] -- C:\Programme
[2011.06.15 21:06:37 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.06.15 20:16:46 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.10.02 13:59:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.02 13:59:03 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.06.15 13:12:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.15 21:20:17 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.15 21:13:55 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


cosinus 16.06.2011 11:06

Please post all Malwarebytes logs. Possibly no "effective" scan was performed with Malwarebytes.

freiform 16.06.2011 14:28

Attached is the log file.

Code:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6862

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

15.06.2011 17:39:47
mbam-log-2011-06-15 (17-39-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Y:\|)
Durchsuchte Objekte: 883462
Laufzeit: 1 Stunde(n), 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 16.06.2011 14:59

Did you run only one scan with Malwarebytes, or several?

freiform 16.06.2011 15:01

I ran another one this afternoon, but apart from the date and time it is identical.

cosinus 16.06.2011 15:05

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c86ee0ac-cf8d-11df-add0-00218519f580}\Shell - "" = AutoRun
O33 - MountPoints2\{c86ee0ac-cf8d-11df-add0-00218519f580}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011.06.14 13:33:25 | 000,112,128 | RHS- | C] () -- C:\Windows\SysWow64\fingers.dll
[2011.06.14 13:33:25 | 000,000,300 | -HS- | C] () -- C:\Windows\tasks\ZGCKQH.job
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.


Afterwards, please make OTL's quarantine folder available to us. Please proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the MovedFiles folder in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know when it was successful
5.) Only then switch the virus scanner back on

freiform 16.06.2011 15:13

Thanks, but what exactly does the OTL fix do, or where can I find information about it?

cosinus 16.06.2011 15:14

The entries listed there are fixed/deleted.

freiform 16.06.2011 16:01

Great, after the fix and a restart everything seems to be running. Both MSE and the Security Center service can be started. The data has been uploaded.

But what was the trigger for the problem?

cosinus 16.06.2011 19:42

Well, what might the trigger have been :glaskugel: :D

Analysis of the file C:\Windows\SysWow64\fingers.dll => VirusTotal - Free Online Virus, Malware and URL Scanner

Seems to be new, fairly unknown malware. I have sent the file to all the scanner vendors known to us so that they can quickly develop matching signatures for it.


Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below, i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)

Windows Vista and Windows 7 users must run the tool via right-click as administrator!
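The two entries the helper put into the OTL fix script above, and the file later identified as malware in this post, share the pattern an analyst looks for when reading an OTL "Files Created" section: a hidden+system DLL dropped into a system directory, and a hidden scheduled-task file written in the very same second. The following Python parser, added here as an illustration and not part of OTL, Malwarebytes or this board, applies exactly those two heuristics to OTL file lines and groups "Created" entries by their creation second so that companions of a flagged file surface automatically. The sample lines are copied from the OTL log posted earlier in the thread (plus benign lines from the same log as controls); the directory list, the heuristics and the function names are assumptions of the example.

```python
import re
from collections import defaultdict

# Shape of an OTL "Files Created"/"Files Modified" line, e.g.
# [2011.06.14 13:33:25 | 000,112,128 | RHS- | C] () -- C:\Windows\SysWow64\fingers.dll
#  timestamp            | size        | attr | C=created/M=modified] (company) -- path
# The "(company)" part is absent on directory lines such as the LOP Check section.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumed list of directories where a hidden+system file deserves a second look.
SYSTEM_DIRS = (
    "c:\\windows\\syswow64\\",
    "c:\\windows\\sysnative\\",
    "c:\\windows\\system32\\",
)
TASK_DIR = "c:\\windows\\tasks\\"

# Constructed sample: the first two lines are the entries from the OTL log above,
# the rest are benign lines from the same log that must not be flagged.
SAMPLE_LINES = [
    "[2011.06.14 13:33:25 | 000,112,128 | RHS- | C] () -- C:\\Windows\\SysWow64\\fingers.dll",
    "[2011.06.14 13:33:25 | 000,000,300 | -HS- | C] () -- C:\\Windows\\tasks\\ZGCKQH.job",
    "[2011.06.02 20:36:19 | 000,000,000 | -H-- | C] () -- C:\\Windows\\SysNative\\drivers\\Msft_Kernel_xusb21_01009.Wdf",
    "[2011.01.21 13:46:52 | 000,368,400 | ---- | C] () -- C:\\Windows\\SysWow64\\sqlite3.dll",
    "[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\\Windows\\SysNative\\drivers\\mbam.sys",
    "[2011.06.15 21:13:52 | 536,223,743 | -HS- | M] () -- C:\\hiberfil.sys",
    "[2011.02.09 22:57:02 | 000,000,000 | ---D | M] -- C:\\Users\\chi\\AppData\\Roaming\\.kde",
]


def parse_otl_line(line):
    """Return a dict for one OTL file line, or None if the line has another shape."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"] or ""
    attr = entry["attr"]                  # four flags: R(eadonly) H(idden) S(ystem) D(irectory)
    entry["hidden"] = "H" in attr
    entry["system"] = "S" in attr
    entry["is_dir"] = "D" in attr
    return entry


def suspicious_reasons(entry):
    """Heuristics for one parsed entry; an empty list means nothing stood out."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    path = entry["path"].lower()
    # Rule 1: a hidden AND system file inside a Windows system directory.
    if path.startswith(SYSTEM_DIRS) and entry["hidden"] and entry["system"]:
        reasons.append("hidden+system file in a system directory")
    # Rule 2: a scheduled-task .job file that hides itself.
    if path.startswith(TASK_DIR) and path.endswith(".job") and (entry["hidden"] or entry["system"]):
        reasons.append("hidden/system scheduled-task file")
    return reasons


def analyze(lines):
    """Flag suspicious entries and group 'Created' entries by creation second."""
    findings = {}                     # path -> list of reasons
    created_at = defaultdict(list)    # "YYYY.MM.DD HH:MM:SS" -> paths created then
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        if entry["kind"] == "C":
            created_at[entry["ts"]].append(entry["path"])
        reasons = suspicious_reasons(entry)
        if reasons:
            findings[entry["path"]] = reasons
    # Files created in the same second as a flagged file are likely part of the same drop.
    related = {
        ts: paths for ts, paths in created_at.items()
        if len(paths) > 1 and any(p in findings for p in paths)
    }
    return {"findings": findings, "related": related}


if __name__ == "__main__":
    result = analyze(SAMPLE_LINES)
    for path, reasons in result["findings"].items():
        print(f"{path}: {'; '.join(reasons)}")
    for ts, paths in result["related"].items():
        print(f"created together at {ts}: {paths}")
```

Run against the whole OTL log, the script reports only fingers.dll and ZGCKQH.job and ties them together through their shared creation timestamp; hiberfil.sys (hidden+system, but in the drive root) and the hidden driver .Wdf file (hidden, not system) pass as benign. The point of the grouping is the one the helper applied by hand: a flagged file is rarely dropped alone, and its siblings usually share the creation second.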

freiform 16.06.2011 20:06

Code:

2011/06/16 21:02:36.0531 2156        TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/16 21:02:36.0797 2156        ================================================================================
2011/06/16 21:02:36.0797 2156        SystemInfo:
2011/06/16 21:02:36.0797 2156       
2011/06/16 21:02:36.0797 2156        OS Version: 6.1.7601 ServicePack: 1.0
2011/06/16 21:02:36.0797 2156        Product type: Workstation
2011/06/16 21:02:36.0797 2156        ComputerName: STATIC
2011/06/16 21:02:36.0797 2156        UserName: chi
2011/06/16 21:02:36.0797 2156        Windows directory: C:\Windows
2011/06/16 21:02:36.0797 2156        System windows directory: C:\Windows
2011/06/16 21:02:36.0797 2156        Running under WOW64
2011/06/16 21:02:36.0797 2156        Processor architecture: Intel x64
2011/06/16 21:02:36.0797 2156        Number of processors: 2
2011/06/16 21:02:36.0797 2156        Page size: 0x1000
2011/06/16 21:02:36.0797 2156        Boot type: Normal boot
2011/06/16 21:02:36.0797 2156        ================================================================================
2011/06/16 21:02:37.0928 2156        Initialize success
2011/06/16 21:03:20.0134 0336        ================================================================================
2011/06/16 21:03:20.0134 0336        Scan started
2011/06/16 21:03:20.0134 0336        Mode: Manual;
2011/06/16 21:03:20.0134 0336        ================================================================================
2011/06/16 21:03:21.0211 0336        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/06/16 21:03:21.0242 0336        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/06/16 21:03:21.0258 0336        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/06/16 21:03:21.0320 0336        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/16 21:03:21.0351 0336        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/16 21:03:21.0382 0336        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/16 21:03:21.0429 0336        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/06/16 21:03:21.0460 0336        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/06/16 21:03:21.0492 0336        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/06/16 21:03:21.0507 0336        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/06/16 21:03:21.0523 0336        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/16 21:03:21.0554 0336        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/16 21:03:21.0585 0336        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/06/16 21:03:21.0601 0336        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/16 21:03:21.0632 0336        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/06/16 21:03:21.0663 0336        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/06/16 21:03:21.0710 0336        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/16 21:03:21.0726 0336        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/16 21:03:21.0772 0336        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/16 21:03:21.0804 0336        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/06/16 21:03:22.0038 0336        atikmdag        (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/16 21:03:22.0147 0336        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/16 21:03:22.0178 0336        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/16 21:03:22.0225 0336        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/16 21:03:22.0256 0336        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/16 21:03:22.0303 0336        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/16 21:03:22.0318 0336        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/16 21:03:22.0350 0336        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/16 21:03:22.0396 0336        Bridge          (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
2011/06/16 21:03:22.0428 0336        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
2011/06/16 21:03:22.0459 0336        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/16 21:03:22.0474 0336        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/16 21:03:22.0506 0336        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/16 21:03:22.0521 0336        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/16 21:03:22.0537 0336        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/16 21:03:22.0568 0336        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/16 21:03:22.0615 0336        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/06/16 21:03:22.0646 0336        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/16 21:03:22.0677 0336        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/16 21:03:22.0724 0336        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/16 21:03:22.0755 0336        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/06/16 21:03:22.0802 0336        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/06/16 21:03:22.0818 0336        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/16 21:03:22.0849 0336        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/16 21:03:22.0880 0336        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/16 21:03:22.0927 0336        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/06/16 21:03:22.0974 0336        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/06/16 21:03:22.0989 0336        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/16 21:03:23.0005 0336        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/16 21:03:23.0067 0336        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/16 21:03:23.0098 0336        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/16 21:03:23.0176 0336        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/16 21:03:23.0254 0336        ElbyCDIO        (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/06/16 21:03:23.0270 0336        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/16 21:03:23.0301 0336        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/06/16 21:03:23.0332 0336        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/16 21:03:23.0348 0336        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/16 21:03:23.0379 0336        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/16 21:03:23.0410 0336        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/16 21:03:23.0426 0336        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/16 21:03:23.0457 0336        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/16 21:03:23.0504 0336        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/06/16 21:03:23.0535 0336        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/16 21:03:23.0551 0336        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/16 21:03:23.0598 0336        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/16 21:03:23.0629 0336        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/16 21:03:23.0660 0336        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/16 21:03:23.0691 0336        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/16 21:03:23.0738 0336        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/06/16 21:03:23.0785 0336        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/06/16 21:03:23.0800 0336        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/16 21:03:23.0832 0336        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/16 21:03:23.0847 0336        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/16 21:03:23.0878 0336        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/06/16 21:03:23.0910 0336        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/16 21:03:23.0956 0336        HTCAND64        (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/06/16 21:03:23.0988 0336        htcnprot        (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
2011/06/16 21:03:24.0019 0336        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/06/16 21:03:24.0066 0336        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/16 21:03:24.0081 0336        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/06/16 21:03:24.0128 0336        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/06/16 21:03:24.0159 0336        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/16 21:03:24.0237 0336        IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/16 21:03:24.0284 0336        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/06/16 21:03:24.0315 0336        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/16 21:03:24.0346 0336        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/16 21:03:24.0362 0336        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/16 21:03:24.0393 0336        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/16 21:03:24.0440 0336        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/16 21:03:24.0456 0336        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/06/16 21:03:24.0471 0336        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/06/16 21:03:24.0502 0336        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/06/16 21:03:24.0534 0336        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/06/16 21:03:24.0565 0336        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/16 21:03:24.0596 0336        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/16 21:03:24.0627 0336        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/16 21:03:24.0674 0336        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/16 21:03:24.0705 0336        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/16 21:03:24.0721 0336        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/16 21:03:24.0736 0336        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/16 21:03:24.0768 0336        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/16 21:03:24.0799 0336        Lycosa          (aecc49af0ac3368027573a5d2f9de351) C:\Windows\system32\drivers\Lycosa.sys
2011/06/16 21:03:24.0830 0336        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/16 21:03:24.0861 0336        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/16 21:03:24.0877 0336        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/16 21:03:24.0908 0336        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/16 21:03:24.0924 0336        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/06/16 21:03:24.0955 0336        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/16 21:03:25.0002 0336        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/06/16 21:03:25.0033 0336        MpFilter        (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/16 21:03:25.0048 0336        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/06/16 21:03:25.0111 0336        MpNWMon        (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/16 21:03:25.0126 0336        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/16 21:03:25.0158 0336        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/06/16 21:03:25.0204 0336        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/16 21:03:25.0220 0336        mrxsmb10        (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/16 21:03:25.0236 0336        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/16 21:03:25.0282 0336        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/06/16 21:03:25.0298 0336        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/06/16 21:03:25.0345 0336        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/16 21:03:25.0360 0336        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/16 21:03:25.0376 0336        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/06/16 21:03:25.0407 0336        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/16 21:03:25.0438 0336        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/16 21:03:25.0454 0336        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/16 21:03:25.0485 0336        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/06/16 21:03:25.0516 0336        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/06/16 21:03:25.0532 0336        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/16 21:03:25.0548 0336        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/16 21:03:25.0579 0336        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/16 21:03:25.0610 0336        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/16 21:03:25.0657 0336        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/06/16 21:03:25.0688 0336        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/16 21:03:25.0719 0336        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/16 21:03:25.0750 0336        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/16 21:03:25.0782 0336        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/16 21:03:25.0813 0336        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/06/16 21:03:25.0828 0336        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/16 21:03:25.0875 0336        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/16 21:03:25.0938 0336        netr28ux        (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/06/16 21:03:26.0000 0336        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/16 21:03:26.0016 0336        NisDrv          (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/16 21:03:26.0047 0336        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/16 21:03:26.0062 0336        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/16 21:03:26.0125 0336        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/06/16 21:03:26.0156 0336        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/16 21:03:26.0374 0336        nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/16 21:03:26.0515 0336        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/06/16 21:03:26.0546 0336        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/06/16 21:03:26.0608 0336        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/06/16 21:03:26.0624 0336        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/06/16 21:03:26.0671 0336        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/16 21:03:26.0718 0336        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/06/16 21:03:26.0749 0336        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/06/16 21:03:26.0764 0336        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/06/16 21:03:26.0796 0336        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/16 21:03:26.0811 0336        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/16 21:03:26.0858 0336        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/16 21:03:26.0936 0336        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/16 21:03:26.0967 0336        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/16 21:03:27.0045 0336        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/16 21:03:27.0076 0336        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/16 21:03:27.0092 0336        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/16 21:03:27.0123 0336        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/16 21:03:27.0139 0336        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/16 21:03:27.0186 0336        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/16 21:03:27.0201 0336        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/16 21:03:27.0217 0336        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/16 21:03:27.0264 0336        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/16 21:03:27.0279 0336        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/16 21:03:27.0310 0336        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/16 21:03:27.0342 0336        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/06/16 21:03:27.0357 0336        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/16 21:03:27.0388 0336        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/16 21:03:27.0420 0336        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/06/16 21:03:27.0451 0336        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/06/16 21:03:27.0513 0336        RTL8167        (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/16 21:03:27.0544 0336        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/06/16 21:03:27.0576 0336        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/06/16 21:03:27.0607 0336        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/16 21:03:27.0638 0336        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/16 21:03:27.0669 0336        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/16 21:03:27.0685 0336        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/16 21:03:27.0716 0336        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/16 21:03:27.0763 0336        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/06/16 21:03:27.0778 0336        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/16 21:03:27.0794 0336        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/16 21:03:27.0810 0336        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/16 21:03:27.0841 0336        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/16 21:03:27.0872 0336        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/16 21:03:27.0903 0336        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/16 21:03:27.0934 0336        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/16 21:03:27.0997 0336        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/06/16 21:03:28.0028 0336        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/16 21:03:28.0044 0336        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/16 21:03:28.0075 0336        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/16 21:03:28.0106 0336        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/06/16 21:03:28.0122 0336        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/06/16 21:03:28.0153 0336        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/06/16 21:03:28.0231 0336        Tcpip          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/06/16 21:03:28.0278 0336        TCPIP6          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/16 21:03:28.0324 0336        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/16 21:03:28.0340 0336        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/16 21:03:28.0371 0336        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/16 21:03:28.0402 0336        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/16 21:03:28.0418 0336        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/06/16 21:03:28.0480 0336        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/16 21:03:28.0512 0336        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/16 21:03:28.0543 0336        TTHID          (6b37a3b3814d9ffd3c1fa436d714028f) C:\Windows\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys
2011/06/16 21:03:28.0605 0336        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/16 21:03:28.0636 0336        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/16 21:03:28.0683 0336        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/16 21:03:28.0730 0336        UDXTTM6010      (71a1eddb87ad8c691444aa3debed302c) C:\Windows\system32\DRIVERS\UDXTTM6010.sys
2011/06/16 21:03:28.0792 0336        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/16 21:03:28.0824 0336        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/06/16 21:03:28.0839 0336        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/16 21:03:28.0886 0336        USBAAPL64      (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/16 21:03:28.0917 0336        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/06/16 21:03:28.0933 0336        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/06/16 21:03:28.0964 0336        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/16 21:03:28.0995 0336        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/06/16 21:03:29.0011 0336        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/16 21:03:29.0042 0336        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/16 21:03:29.0058 0336        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/16 21:03:29.0104 0336        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/06/16 21:03:29.0136 0336        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/16 21:03:29.0182 0336        VBoxDrv        (f6b266fda43a39924e40b1a42b91c983) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/06/16 21:03:29.0229 0336        VBoxNetAdp      (d119c47f337b5b5a80e259563703a922) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/06/16 21:03:29.0245 0336        VBoxNetFlt      (a10eb38d1395f5fce91e07608e0185b6) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/06/16 21:03:29.0276 0336        VBoxUSBMon      (6dd88ea539217a9cfeff4ef888c9d101) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/06/16 21:03:29.0292 0336        VClone          (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
2011/06/16 21:03:29.0323 0336        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/16 21:03:29.0338 0336        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/16 21:03:29.0370 0336        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/16 21:03:29.0385 0336        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/06/16 21:03:29.0432 0336        vhidmini        (1161acff728d97f75d74d2f1465f8a46) C:\Windows\system32\DRIVERS\vHidDev.sys
2011/06/16 21:03:29.0448 0336        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/06/16 21:03:29.0463 0336        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/06/16 21:03:29.0494 0336        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/06/16 21:03:29.0510 0336        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/06/16 21:03:29.0557 0336        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/06/16 21:03:29.0572 0336        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/06/16 21:03:29.0619 0336        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/16 21:03:29.0635 0336        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/16 21:03:29.0666 0336        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/16 21:03:29.0697 0336        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/16 21:03:29.0728 0336        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/16 21:03:29.0744 0336        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/16 21:03:29.0791 0336        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/16 21:03:29.0806 0336        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/16 21:03:29.0869 0336        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/16 21:03:29.0884 0336        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/16 21:03:30.0040 0336        WinRing0_1_2_0  (0c0195c48b6b8582fa6f6373032118da) C:\Users\chi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys
2011/06/16 21:03:30.0087 0336        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/16 21:03:30.0134 0336        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/16 21:03:30.0165 0336        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/16 21:03:30.0212 0336        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/06/16 21:03:30.0243 0336        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/16 21:03:30.0290 0336        xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
2011/06/16 21:03:30.0321 0336        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/16 21:03:30.0337 0336        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/06/16 21:03:30.0337 0336        ================================================================================
2011/06/16 21:03:30.0337 0336        Scan finished
2011/06/16 21:03:30.0337 0336        ================================================================================
2011/06/16 21:03:30.0352 1324        Detected object count: 0
2011/06/16 21:03:30.0352 1324        Actual detected object count: 0
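
The listing above is in the format TDSSKiller writes: timestamp, PID, service name, MD5 of the driver image and its path, with the MBR rows carrying the MD5 of each disk's boot code (the first 0x1B8 bytes, before the disk signature and partition table). A quick thing to check by hand in such a log is where every kernel driver loads from; here one entry, WinRing0x64.sys, is loaded from a Sidebar gadget folder under C:\Users\chi\AppData. A kernel driver in a user-writable location is a triage signal to follow up, not a verdict, since a hardware-monitoring gadget shipping its own driver is not malicious by itself. The script below is an added example for this thread, not code from TDSSKiller, OTL, ComboFix or anyone in the discussion; it parses the listing lines and flags drivers whose image sits outside the Windows directory. The sample input is five lines copied from the log above; the path prefixes and markers it treats as "expected" and "user-writable" are assumptions for a default install.

```python
"""Triage helper for a TDSSKiller driver listing (added example, not tool code).

Parses lines of the form
    <date> <time> <pid>  <service>  (<md5>)  <image path>
and flags kernel drivers whose image does not live under the Windows
directory. That is a triage signal for a human to follow up, not a verdict:
hardware-monitoring gadgets and some third-party software legitimately
ship drivers in odd places.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One listing line. Column spacing varies, the service name may contain a
# parenthesised size as in "MBR (0x1B8)", and the path may contain spaces.
_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Assumption: where a driver image is expected to live on a default install.
_EXPECTED_PREFIXES = ("c:\\windows\\",)
# Assumption: path fragments a normal user account can write to.
_USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_driver_lines(text: str) -> list[DriverEntry]:
    """Return one DriverEntry per listing line; headers, 'Scan finished' and
    the object counters do not match the pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def flag_drivers(entries: list[DriverEntry]) -> list[tuple[str, str, str]]:
    """Return (service, path, reason) for every driver image outside the
    Windows directory; a user-writable location gets the stronger reason."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if p.startswith("\\device\\"):  # MBR rows name a disk device, not a file
            continue
        if p.startswith(_EXPECTED_PREFIXES):
            continue
        if any(marker in p for marker in _USER_WRITABLE_MARKERS):
            reason = "kernel driver loaded from a user-writable path"
        else:
            reason = "driver image outside the Windows directory"
        findings.append((e.name, e.path, reason))
    return findings


def mbr_hashes(entries: list[DriverEntry]) -> dict[str, str]:
    """Map each disk device to the MD5 the scanner reports for its MBR boot
    code, for comparison against a known-good value. Identical hashes on
    two disks only mean identical boot code."""
    return {e.path: e.md5 for e in entries if e.name.startswith("MBR")}


# Sample input: five lines copied from the TDSSKiller log in this thread,
# chosen so that one driver loads from under C:\Users and two lines are
# not driver rows at all.
SAMPLE_LOG = r"""
2011/06/16 21:03:25.0033 0336        MpFilter        (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/16 21:03:30.0040 0336        WinRing0_1_2_0  (0c0195c48b6b8582fa6f6373032118da) C:\Users\chi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys
2011/06/16 21:03:30.0321 0336        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/16 21:03:30.0337 0336        Scan finished
2011/06/16 21:03:30.0352 1324        Detected object count: 0
"""


if __name__ == "__main__":
    entries = parse_driver_lines(SAMPLE_LOG)
    print(f"{len(entries)} driver rows parsed")
    for name, path, reason in flag_drivers(entries):
        print(f"[!] {name}: {reason}\n    {path}")
    for device, md5 in mbr_hashes(entries).items():
        print(f"MBR {device}: {md5}")
```

Run it against a saved copy of the full log instead of SAMPLE_LOG to get the same two checks over every row; anything it flags still has to be judged by path, publisher and purpose, which is exactly the follow-up a helper does with the hash and path in hand.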


cosinus 16.06.2011 20:10

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe when downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

freiform 16.06.2011 20:34

Combofix Logfile:
Code:

ComboFix 11-06-15.04 - chi 16.06.2011  21:19:37.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.6143.3593 [GMT 2:00]
run from:: c:\users\chi\Desktop\cofi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point was created
.
.
(((((((((((((((((((((((  Files created from 2011-05-16 to 2011-06-16  ))))))))))))))))))))))))))))))
.
.
2011-06-16 23:39 . 2011-06-16 23:39        --------        d-----w-        c:\windows\Standalone System Sweeper
2011-06-16 19:18 . 2011-06-16 19:18        --------        d-----w-        C:\cofi
2011-06-16 14:49 . 2011-06-16 14:53        --------        d-----w-        C:\_OTL
2011-06-15 18:56 . 2011-06-15 18:56        --------        d-----w-        c:\program files (x86)\Driver Cleaner Pro
2011-06-15 15:22 . 2011-06-15 15:23        --------        d-----w-        c:\program files (x86)\Microsoft Security Client
2011-06-15 15:22 . 2011-06-15 15:23        --------        d-----w-        c:\program files\Microsoft Security Client
2011-06-15 14:33 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-15 14:33 . 2011-06-15 14:33        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-14 22:40 . 2011-05-29 07:11        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-06-14 19:43 . 2011-05-03 05:29        976896        ----a-w-        c:\windows\system32\inetcomm.dll
2011-06-14 19:43 . 2011-05-03 04:30        741376        ----a-w-        c:\windows\SysWow64\inetcomm.dll
2011-06-12 21:18 . 2011-06-16 19:03        --------        d-----w-        c:\program files (x86)\JDownloader_nightly
2011-06-10 15:08 . 2011-06-10 15:08        --------        d-----w-        c:\program files\Microsoft SQL Server
2011-06-10 15:08 . 2011-06-10 15:08        --------        d-----w-        c:\program files (x86)\Microsoft SQL Server
2011-06-10 15:08 . 2011-06-10 15:08        --------        d-----w-        c:\program files\Microsoft Sync Framework
2011-06-10 14:56 . 2011-06-10 14:56        --------        d-----w-        c:\program files (x86)\Microsoft Visual Studio 9.0
2011-06-10 14:56 . 2011-06-10 14:56        --------        d-----w-        c:\windows\system32\1031
2011-06-10 14:56 . 2011-06-10 15:08        --------        d-----w-        c:\program files (x86)\Microsoft SDKs
2011-06-08 12:34 . 2011-06-08 12:34        --------        d-----w-        c:\program files (x86)\LibreOffice 3.4
2011-06-07 17:17 . 2011-05-16 16:35        231600        ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys
2011-06-07 17:16 . 2011-05-16 16:35        56752        ----a-w-        c:\windows\system32\drivers\VBoxUSBMon.sys
2011-06-07 17:16 . 2011-06-07 17:17        --------        d-----w-        c:\program files\VirtualBox
2011-06-03 23:21 . 2011-06-03 23:21        --------        d-----w-        c:\program files\Microsoft Xbox 360 Accessories
2011-05-30 22:30 . 2011-05-30 22:30        --------        d-----w-        c:\program files (x86)\SystemRequirementsLab
2011-05-30 18:48 . 2011-06-09 14:19        --------        d-----w-        c:\users\UpdatusUser
2011-05-30 18:48 . 2011-06-09 14:19        --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2011-05-30 18:46 . 2011-04-08 05:14        1619048        ----a-w-        c:\windows\system32\nvdispco6420140.dll
2011-05-30 18:46 . 2011-04-08 05:14        1404008        ----a-w-        c:\windows\system32\nvgenco642060.dll
2011-05-29 20:54 . 2011-04-22 22:15        27520        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-05-29 20:51 . 2011-06-11 05:23        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-19 06:31 . 2011-04-09 06:58        142336        ----a-w-        c:\windows\system32\poqexec.exe
2011-05-19 06:31 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 13:21 . 2010-10-02 13:17        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2011-05-25 07:25 . 2011-04-07 21:19        1016936        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-05-25 07:25 . 2011-04-07 21:19        2560616        ----a-w-        c:\windows\system32\nvsvcr.dll
2011-05-25 07:25 . 2011-04-07 21:18        3040872        ----a-w-        c:\windows\system32\nvsvc64.dll
2011-05-25 07:25 . 2010-10-16 12:13        61544        ----a-w-        c:\windows\system32\nvshext.dll
2011-05-25 07:25 . 2011-04-07 21:19        117864        ----a-w-        c:\windows\system32\nvmctray.dll
2011-05-25 07:25 . 2011-04-07 21:19        6300776        ----a-w-        c:\windows\system32\nvcpl.dll
2011-05-25 07:25 . 2011-04-07 21:19        739432        ----a-w-        c:\windows\system32\easyUpdatusAPIU64.dll
2011-05-25 07:25 . 2009-07-13 21:59        8863336        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2011-05-25 07:25 . 2009-07-13 21:59        15223912        ----a-w-        c:\windows\system32\nvd3dumx.dll
2011-05-25 07:25 . 2010-11-27 12:38        11992680        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2011-05-25 07:25 . 2010-11-27 12:37        2644584        ----a-w-        c:\windows\system32\nvapi64.dll
2011-05-16 16:35 . 2011-05-16 16:35        176560        ----a-w-        c:\windows\system32\drivers\VBoxNetFlt.sys
2011-05-16 16:35 . 2011-05-16 16:35        156912        ----a-w-        c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-16 16:35 . 2011-05-16 16:35        320816        ----a-w-        c:\windows\system32\VBoxNetFltNotify.dll
2011-04-22 11:03 . 2011-04-22 11:03        9032016        ----a-w-        c:\windows\system32\mfc100ud.dll
2011-04-22 11:03 . 2011-04-22 11:03        8955728        ----a-w-        c:\windows\system32\mfc100d.dll
2011-04-22 11:03 . 2011-04-22 11:03        120144        ----a-w-        c:\windows\system32\mfcm100ud.dll
2011-04-22 11:03 . 2011-04-22 11:03        118608        ----a-w-        c:\windows\system32\mfcm100d.dll
2011-04-22 10:58 . 2011-04-22 10:58        106832        ----a-w-        c:\windows\system32\vcomp100d.dll
2011-04-22 10:15 . 2011-04-22 10:15        87888        ----a-w-        c:\windows\SysWow64\vcomp100d.dll
2011-04-22 10:15 . 2011-04-22 10:15        80720        ----a-w-        c:\windows\SysWow64\mfcm100u.dll
2011-04-22 10:15 . 2011-04-22 10:15        80208        ----a-w-        c:\windows\SysWow64\mfcm100.dll
2011-04-22 10:15 . 2011-04-22 10:15        6994256        ----a-w-        c:\windows\SysWow64\mfc100ud.dll
2011-04-22 10:15 . 2011-04-22 10:15        6926672        ----a-w-        c:\windows\SysWow64\mfc100d.dll
2011-04-22 10:15 . 2011-04-22 10:15        64336        ----a-w-        c:\windows\SysWow64\mfc100fra.dll
2011-04-22 10:15 . 2011-04-22 10:15        64336        ----a-w-        c:\windows\SysWow64\mfc100deu.dll
2011-04-22 10:15 . 2011-04-22 10:15        63824        ----a-w-        c:\windows\SysWow64\mfc100esn.dll
2011-04-22 10:15 . 2011-04-22 10:15        62288        ----a-w-        c:\windows\SysWow64\mfc100ita.dll
2011-04-22 10:15 . 2011-04-22 10:15        60752        ----a-w-        c:\windows\SysWow64\mfc100rus.dll
2011-04-22 10:15 . 2011-04-22 10:15        55120        ----a-w-        c:\windows\SysWow64\mfc100enu.dll
2011-04-22 10:15 . 2011-04-22 10:15        51024        ----a-w-        c:\windows\SysWow64\vcomp100.dll
2011-04-22 10:15 . 2011-04-22 10:15        43856        ----a-w-        c:\windows\SysWow64\mfc100jpn.dll
2011-04-22 10:15 . 2011-04-22 10:15        4368720        ----a-w-        c:\windows\SysWow64\mfc100u.dll
2011-04-22 10:15 . 2011-04-22 10:15        4342600        ----a-w-        c:\windows\SysWow64\mfc100.dll
2011-04-22 10:15 . 2011-04-22 10:15        43344        ----a-w-        c:\windows\SysWow64\mfc100kor.dll
2011-04-22 10:15 . 2011-04-22 10:15        36176        ----a-w-        c:\windows\SysWow64\mfc100cht.dll
2011-04-22 10:15 . 2011-04-22 10:15        36176        ----a-w-        c:\windows\SysWow64\mfc100chs.dll
2011-04-22 10:15 . 2011-04-22 10:15        104784        ----a-w-        c:\windows\SysWow64\mfcm100ud.dll
2011-04-22 10:15 . 2011-04-22 10:15        103248        ----a-w-        c:\windows\SysWow64\mfcm100d.dll
2011-04-22 08:43 . 2011-04-22 08:43        91472        ----a-w-        c:\windows\system32\mfcm100u.dll
2011-04-22 08:43 . 2011-04-22 08:43        91472        ----a-w-        c:\windows\system32\mfcm100.dll
2011-04-22 08:43 . 2011-04-22 08:43        64336        ----a-w-        c:\windows\system32\mfc100fra.dll
2011-04-22 08:43 . 2011-04-22 08:43        64336        ----a-w-        c:\windows\system32\mfc100deu.dll
2011-04-22 08:43 . 2011-04-22 08:43        63824        ----a-w-        c:\windows\system32\mfc100esn.dll
2011-04-22 08:43 . 2011-04-22 08:43        62288        ----a-w-        c:\windows\system32\mfc100ita.dll
2011-04-22 08:43 . 2011-04-22 08:43        60752        ----a-w-        c:\windows\system32\mfc100rus.dll
2011-04-22 08:43 . 2011-04-22 08:43        57168        ----a-w-        c:\windows\system32\vcomp100.dll
2011-04-22 08:43 . 2011-04-22 08:43        5523280        ----a-w-        c:\windows\system32\mfc100u.dll
2011-04-22 08:43 . 2011-04-22 08:43        55120        ----a-w-        c:\windows\system32\mfc100enu.dll
2011-04-22 08:43 . 2011-04-22 08:43        5493576        ----a-w-        c:\windows\system32\mfc100.dll
2011-04-22 08:43 . 2011-04-22 08:43        43856        ----a-w-        c:\windows\system32\mfc100jpn.dll
2011-04-22 08:43 . 2011-04-22 08:43        43344        ----a-w-        c:\windows\system32\mfc100kor.dll
2011-04-22 08:43 . 2011-04-22 08:43        36176        ----a-w-        c:\windows\system32\mfc100cht.dll
2011-04-22 08:43 . 2011-04-22 08:43        36176        ----a-w-        c:\windows\system32\mfc100chs.dll
2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-11 05:43        5562240        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-11 05:43        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 05:43        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-04-01 10:42 . 2011-04-01 10:42        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\chi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\chi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\chi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\chi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [x]
R3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\chi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-12-05 14544]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-902355652-2286816670-1636548934-1000Core.job
- c:\users\chi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 12:35]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-902355652-2286816670-1636548934-1000UA.job
- c:\users\chi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 12:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\chi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\chi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\chi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\chi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.2
FF - ProfilePath - c:\users\chi\AppData\Roaming\Mozilla\Firefox\Profiles\jn1rmkw8.default\
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\users\chi\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-16  21:29:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-16 19:29
.
Vor Suchlauf: 7 Verzeichnis(se), 22.161.883.136 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 22.699.429.888 Bytes frei
.
- - End Of File - - 37B6680C12496AA110464223F98CA1A2

--- --- ---

cosinus 16.06.2011 21:25

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on your desktop.
Please post the contents of that .txt file for me.

freiform 16.06.2011 21:33

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        MSI
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                MSI
System Product Name:                MS-7519
Logical Drives Mask:                0x01000f7c

Kernel Drivers (total 191):
  0x02E05000 \SystemRoot\system32\ntoskrnl.exe
  0x033EE000 \SystemRoot\system32\hal.dll
  0x00BC7000 \SystemRoot\system32\kdcom.dll
  0x00C4F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00C9E000 \SystemRoot\system32\PSHED.dll
  0x00CB2000 \SystemRoot\system32\CLFS.SYS
  0x00D10000 \SystemRoot\system32\CI.dll
  0x00E48000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00EEC000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EFB000 \SystemRoot\system32\drivers\ACPI.sys
  0x00F52000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00F5B000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00F65000 \SystemRoot\system32\drivers\pci.sys
  0x00F98000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00FA5000 \SystemRoot\System32\drivers\partmgr.sys
  0x00FBA000 \SystemRoot\system32\drivers\volmgr.sys
  0x010B2000 \SystemRoot\System32\drivers\volmgrx.sys
  0x0110E000 \SystemRoot\system32\drivers\pciide.sys
  0x01115000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x01125000 \SystemRoot\System32\drivers\mountmgr.sys
  0x0113F000 \SystemRoot\system32\drivers\vmbus.sys
  0x0117B000 \SystemRoot\system32\drivers\winhv.sys
  0x0118F000 \SystemRoot\system32\drivers\atapi.sys
  0x01198000 \SystemRoot\system32\drivers\ataport.SYS
  0x011C2000 \SystemRoot\system32\drivers\amdxata.sys
  0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01209000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01496000 \SystemRoot\System32\Drivers\msrpc.sys
  0x014F4000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x0150F000 \SystemRoot\System32\Drivers\cng.sys
  0x01581000 \SystemRoot\System32\drivers\pcw.sys
  0x01592000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01679000 \SystemRoot\system32\drivers\ndis.sys
  0x0176C000 \SystemRoot\system32\drivers\NETIO.SYS
  0x017CC000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x018EB000 \SystemRoot\System32\drivers\tcpip.sys
  0x01AEF000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01B39000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x01B49000 \SystemRoot\system32\drivers\volsnap.sys
  0x01B95000 \SystemRoot\System32\Drivers\spldr.sys
  0x01B9D000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01BD7000 \SystemRoot\System32\Drivers\mup.sys
  0x01BE9000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01880000 \SystemRoot\system32\drivers\cdrom.sys
  0x018AA000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x018DB000 \SystemRoot\System32\Drivers\Null.SYS
  0x018E4000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01BF2000 \SystemRoot\System32\drivers\vga.sys
  0x01600000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01625000 \SystemRoot\System32\drivers\watchdog.sys
  0x01635000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x0163E000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01647000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01650000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x0165B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x0159C000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x0166C000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x01400000 \SystemRoot\system32\drivers\afd.sys
  0x013AC000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x017F7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x015BE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x015D4000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x015E3000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x01489000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
  0x01060000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
  0x01097000 \SystemRoot\system32\drivers\termdd.sys
  0x02EAD000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x02EFE000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x02F0A000 \SystemRoot\system32\drivers\mssmbios.sys
  0x02F15000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x02F20000 \SystemRoot\System32\drivers\discache.sys
  0x02F2F000 \SystemRoot\system32\drivers\csc.sys
  0x02FB2000 \SystemRoot\System32\Drivers\dfsc.sys
  0x02FD0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x02E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x02E26000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x0F2F0000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x0FF9E000 \SystemRoot\System32\Drivers\nvBridge.kmd
  0x03CA3000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03D97000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x03DDD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x03C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x03C56000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x03C67000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x0FFA3000 \SystemRoot\system32\DRIVERS\parport.sys
  0x03C8B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x03DEA000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x0FFC0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x0FFD6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x0F200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0F20C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0F23B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0F256000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x0F277000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x03DFA000 \SystemRoot\system32\DRIVERS\vHidDev.sys
  0x0F291000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x03C98000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x0F2AA000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x0F2B5000 \SystemRoot\system32\drivers\kbdclass.sys
  0x0F2C4000 \SystemRoot\system32\drivers\mouclass.sys
  0x0F2D3000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x02E3C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x02E6B000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
  0x03CA1000 \SystemRoot\system32\drivers\swenum.sys
  0x00E00000 \SystemRoot\system32\drivers\ks.sys
  0x02E95000 \SystemRoot\system32\drivers\umbus.sys
  0x04288000 \SystemRoot\system32\drivers\usbhub.sys
  0x042E2000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x042F7000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x04304000 \SystemRoot\system32\drivers\kbdhid.sys
  0x04C39000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x04E86000 \SystemRoot\system32\drivers\portcls.sys
  0x04EC3000 \SystemRoot\system32\drivers\drmk.sys
  0x04EE5000 \SystemRoot\system32\drivers\ksthunk.sys
  0x00000000 \SystemRoot\System32\win32k.sys
  0x04EEB000 \SystemRoot\System32\drivers\Dxapi.sys
  0x04EF7000 \SystemRoot\system32\drivers\usbccgp.sys
  0x04F14000 \SystemRoot\system32\drivers\USBD.SYS
  0x04F16000 \SystemRoot\system32\drivers\Lycosa.sys
  0x04F1B000 \SystemRoot\system32\drivers\hidusb.sys
  0x04F29000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x04312000 \SystemRoot\system32\DRIVERS\netr28ux.sys
  0x04F37000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x04F44000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x00510000 \SystemRoot\System32\TSDDD.dll
  0x00790000 \SystemRoot\System32\cdd.dll
  0x04F5F000 \SystemRoot\system32\drivers\luafv.sys
  0x04F82000 \SystemRoot\system32\drivers\WudfPf.sys
  0x04FA3000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x04C00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x05829000 \SystemRoot\system32\drivers\HTTP.sys
  0x058F2000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x05910000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x05928000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x05955000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x059A3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x059C7000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x05E74000 \SystemRoot\system32\drivers\peauth.sys
  0x05F1A000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x05F25000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x05F56000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x05F68000 \??\C:\Users\chi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys
  0x05F6F000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x062A7000 \SystemRoot\System32\DRIVERS\srv.sys
  0x0633F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x063E1000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x063EC000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x008F0000 \SystemRoot\System32\ATMFD.DLL
  0x76F90000 \Windows\System32\ntdll.dll
  0x47FB0000 \Windows\System32\smss.exe
  0xFF2B0000 \Windows\System32\apisetschema.dll
  0xFFD70000 \Windows\System32\autochk.exe
  0xFF040000 \Windows\System32\iertutil.dll
  0xFEF70000 \Windows\System32\usp10.dll
  0xFEE40000 \Windows\System32\rpcrt4.dll
  0xFEE10000 \Windows\System32\imm32.dll
  0xFED90000 \Windows\System32\difxapi.dll
  0xFECB0000 \Windows\System32\oleaut32.dll
  0xFEC60000 \Windows\System32\ws2_32.dll
  0xFEC50000 \Windows\System32\nsi.dll
  0xFEAD0000 \Windows\System32\urlmon.dll
  0xFEAB0000 \Windows\System32\sechost.dll
  0xFEAA0000 \Windows\System32\lpk.dll
  0xFE970000 \Windows\System32\wininet.dll
  0x76E70000 \Windows\System32\kernel32.dll
  0xFE890000 \Windows\System32\advapi32.dll
  0xFE680000 \Windows\System32\ole32.dll
  0xFE5E0000 \Windows\System32\comdlg32.dll
  0xFE580000 \Windows\System32\Wldap32.dll
  0xFE4E0000 \Windows\System32\clbcatq.dll
  0xFE4C0000 \Windows\System32\imagehlp.dll
  0xFE2E0000 \Windows\System32\setupapi.dll
  0xFE1D0000 \Windows\System32\msctf.dll
  0x76D70000 \Windows\System32\user32.dll
  0xFD440000 \Windows\System32\shell32.dll
  0x77160000 \Windows\System32\psapi.dll
  0x77150000 \Windows\System32\normaliz.dll
  0xFD3D0000 \Windows\System32\gdi32.dll
  0xFD330000 \Windows\System32\msvcrt.dll
  0xFD2B0000 \Windows\System32\shlwapi.dll
  0xFD210000 \Windows\System32\comctl32.dll
  0xFD1F0000 \Windows\System32\devobj.dll
  0xFD180000 \Windows\System32\KernelBase.dll
  0xFD010000 \Windows\System32\crypt32.dll
  0xFCFD0000 \Windows\System32\cfgmgr32.dll
  0xFCF90000 \Windows\System32\wintrust.dll
  0xFCF80000 \Windows\System32\msasn1.dll

Processes (total 49):
      0 System Idle Process
      4 System
    268 C:\Windows\System32\smss.exe
    468 csrss.exe
    536 C:\Windows\System32\wininit.exe
    552 csrss.exe
    588 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    740 C:\Windows\System32\winlogon.exe
    776 C:\Windows\System32\svchost.exe
    840 C:\Windows\System32\nvvsvc.exe
    880 C:\Windows\System32\svchost.exe
    972 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    284 C:\Windows\System32\svchost.exe
    488 C:\Windows\System32\svchost.exe
    672 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1252 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1268 C:\Windows\System32\nvvsvc.exe
    1296 C:\Windows\System32\svchost.exe
    1500 C:\Windows\System32\taskeng.exe
    1512 C:\Windows\System32\spoolsv.exe
    1556 C:\Windows\System32\svchost.exe
    1588 C:\Windows\System32\rundll32.exe
    1700 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1796 C:\Windows\System32\taskhost.exe
    1952 C:\Windows\System32\dwm.exe
    1980 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2020 C:\Windows\System32\svchost.exe
    1656 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2032 C:\Windows\explorer.exe
    2140 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3008 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    1768 WUDFHost.exe
    2096 C:\Windows\System32\svchost.exe
    2596 C:\Program Files\Microsoft Security Client\msseces.exe
    2656 C:\Program Files\Windows Sidebar\sidebar.exe
    2716 C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
    2720 C:\Program Files (x86)\Everything\Everything.exe
    808 C:\Users\chi\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2132 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2264 WmiPrvSE.exe
    3548 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    2580 C:\Windows\System32\audiodg.exe
    1536 WmiPrvSE.exe
    3688 C:\Users\chi\Desktop\MBRCheck.exe
    1712 C:\Windows\System32\conhost.exe
    1248 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000012`4f900000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`6a000000  (NTFS)
\\.\Y: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001
PhysicalDrive1 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive1  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!



Copyright ©2000-2025, Trojaner-Board