Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   "Bundespolizei Trojan" completely removed? (https://www.trojaner-board.de/105118-bundespolizei-trojaner-komplett-entfernt.html)

Ben89 15.11.2011 17:06

"Bundespolizei Trojan" completely removed?

Hello,

Two days ago my system was infected with the "Bundespolizei Trojan", which locks the PC and only displays a message demanding that you pay 100€ via UCASH or PaySafe Card.

I then did some research and tried to solve the problem myself, but I am not entirely sure whether I am completely rid of the trojan, which is why I am now seeking expert advice here.

First, in safe mode, I searched the registry for a process called "mahamd" or something similar, which I deleted; this was evidently what locked the PC. It had lodged itself in my Antivir, which had also detected the threat, but the action taken was listed as "Allow access".

I then wanted to use System Restore, but after the reboot this failed because no restore points were available; they had apparently been deleted, so I can only assume that I got a newer version of the trojan.

As a result, I downloaded CCleaner, Malwarebytes Anti-Malware and SUPERAntiSpyware and ran all of them. I also uninstalled Antivir and replaced it with the trial version of Kaspersky. SUPERAntiSpyware as well as Kaspersky found and removed threats and now tell me my PC is clean.

Unfortunately I am not so sure about that, because in Task Manager under Processes there is "a lot of movement", i.e. the individual processes keep changing position, as if a process appeared for a split second and then disappeared again. I hope what I mean is reasonably clear.

I now hope that looking at the logs can bring more clarity. Thank you in advance for your help!

Here is the OTL logfile:

OTL logfile created on: 15.11.2011 12:59:21 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxxx\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,75% Memory free
4,23 Gb Paging File | 2,74 Gb Available in Paging File | 64,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 5,08 Gb Free Space | 6,82% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 17,68 Gb Free Space | 15,82% Space Free | Partition Type: NTFS

Computer Name: B1 | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
PRC - [2011.11.07 00:48:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009.11.23 15:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2009.11.23 12:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009.11.23 12:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009.11.23 12:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009.10.20 09:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2009.09.29 11:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2009.06.15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2009.04.14 06:45:30 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2011.11.07 00:48:04 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010.10.28 17:55:02 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2010.10.28 17:55:02 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2010.10.28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2010.10.28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2010.10.28 17:55:02 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008.01.19 09:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.23 15:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009.11.23 12:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009.11.23 12:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009.11.23 12:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009.10.20 09:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009.09.29 11:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2009.09.18 09:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009.06.15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009.06.03 09:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.11.14 19:09:22 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1)
DRV:64bit: - [2010.07.28 23:25:16 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.18 18:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2007.12.06 08:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.68
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011.11.14 19:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.11.14 19:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.07 00:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.05 12:26:29 | 000,000,000 | ---D | M]

[2010.10.19 21:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2011.11.07 00:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions
[2011.02.20 21:22:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.07 00:48:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.28 23:07:49 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.05.21 08:58:59 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775
[2011.11.09 13:34:59 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-1.xml
[2011.10.05 01:17:47 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-10.xml
[2011.11.09 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-11.xml
[2010.12.11 13:58:57 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-2.xml
[2011.03.10 10:17:58 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-3.xml
[2011.04.05 16:03:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-4.xml
[2011.05.10 23:38:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-5.xml
[2011.05.19 20:07:01 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-6.xml
[2011.06.22 19:42:12 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-7.xml
[2011.06.29 11:38:53 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-8.xml
[2011.08.20 19:48:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin.xml
[2011.08.25 19:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.16 12:40:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.10.22 10:17:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.25 19:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.06 12:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.11.14 19:37:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2011.11.14 19:37:54 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2011.11.07 00:48:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.02.08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2010.01.08 21:08:52 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011.11.07 00:48:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.07 00:48:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.07 00:48:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.07 00:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.07 00:48:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.07 00:48:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKCU..\Run: [avupdate] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A57B1C92-0FAE-4CA5-BF60-3085AD8951B7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell\AutoRun\command - "" = I:\Autorun\CDRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.15 12:58:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2011.11.15 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Desktop\Neuer Ordner (3)
[2011.11.14 19:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2011.11.14 19:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.11.14 19:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.11.14 19:09:22 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.11.13 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.13 23:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.13 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.13 23:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.13 13:22:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2011.11.13 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.13 13:22:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.13 13:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.13 13:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.11 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\avatare
[1 C:\Users\xxxx\*.tmp files -> C:\Users\xxxx\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2011.11.15 12:54:02 | 000,143,845 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.15 12:54:02 | 000,143,845 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.15 12:50:46 | 001,445,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 12:50:46 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 12:50:46 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 12:50:46 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 12:50:46 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 12:46:26 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 12:46:26 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 12:46:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.15 12:46:06 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 12:43:38 | 000,000,188 | ---- | M] () -- C:\Users\xxxx\defogger_reenable
[2011.11.14 19:13:56 | 000,017,408 | ---- | M] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.11.14 19:12:25 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.11.14 19:12:25 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.11.14 19:09:22 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.11.13 23:38:32 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.13 18:55:08 | 000,007,776 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20111113_185456.reg
[2011.11.13 15:53:34 | 000,232,568 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20111113_155258.reg
[2011.11.06 10:12:44 | 000,006,944 | ---- | M] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.10.24 00:49:31 | 000,087,040 | ---- | M] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\xxxx\*.tmp files -> C:\Users\xxxx\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.15 12:43:37 | 000,000,188 | ---- | C] () -- C:\Users\xxxx\defogger_reenable
[2011.11.14 19:13:47 | 000,017,408 | ---- | C] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.11.14 19:12:25 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.11.14 19:12:25 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.11.13 23:38:32 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.13 19:21:56 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.13 18:55:03 | 000,007,776 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20111113_185456.reg
[2011.11.13 15:53:04 | 000,232,568 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20111113_155258.reg
[2011.06.13 02:00:23 | 000,000,732 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps64.dat
[2011.01.09 04:51:27 | 000,006,944 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.01.01 21:09:53 | 000,004,096 | -H-- | C] () -- C:\Users\xxxx\AppData\Local\keyfile3.drm
[2010.10.24 19:31:02 | 000,143,845 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.24 19:31:01 | 000,143,845 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.10.24 12:19:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.24 12:09:53 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.23 02:11:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.10.22 21:41:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.10.22 21:40:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.10.22 21:40:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.10.21 18:40:03 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2010.10.21 16:56:09 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010.10.18 20:58:17 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.10.17 18:19:40 | 000,087,040 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2009.04.14 06:45:20 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2009.04.14 06:45:04 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe
[2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

========== LOP Check ==========

[2011.10.03 15:36:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon
[2011.11.13 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.02 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go
[2011.03.11 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC
[2011.03.11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.12 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ICQ
[2011.03.10 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\LolClient
[2010.11.06 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PTC
[2011.11.14 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\QuickScan
[2010.10.27 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Scendix Software
[2011.03.15 02:30:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SkyTestAB1
[2011.02.20 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softland
[2011.11.14 23:10:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TS3Client
[2011.11.15 12:44:49 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
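The OTL report above is the kind of listing the helpers on this board read by hand. As an added example (not code from OTL, OldTimer or anyone in this thread), the following Python parses the `[date | size | attrs | C/M] (Company) -- path` and `O4 ... Run:` line shapes and flags the entries a reviewer would look at first; the sample lines are quoted from the OTL logs in this thread except one entry marked as constructed, and the review heuristics are assumptions, not rules OTL itself applies.

```python
"""Triage helper for OTL log lines (added example; not OTL's code and not from
the thread). It parses the two line shapes that recur in the logs here:

  [YYYY.MM.DD hh:mm:ss | 000,584,192 | ---- | M] (Company) -- C:\\path
  PRC/SRV/DRV - [...] (Company) [Auto | Running] -- C:\\path -- (ServiceName)
  O4 - HKCU..\\Run: [name] C:\\path (Company)   or   [name]  File not found

and flags what a reviewer checks first: recent files without a company name
in user-writable locations, hidden files in the profile, and autorun entries
whose target no longer exists. The heuristics are assumptions, not OTL's.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

FILE_ENTRY = re.compile(
    r"^(?:(?P<prefix>[A-Z]+)(?::64bit:)? - )?"       # PRC / SRV:64bit: / DRV
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"                   # absent on directory lines
    r"(?: \[(?P<state>[^\]]*)\])?"                    # [Auto | Running] on services
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"                # -- (ServiceName) on services
)
AUTORUN_ENTRY = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$"
)
# Locations a normal user account (and anything running as it) can write to.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    path: str
    timestamp: Optional[datetime] = None
    size: int = 0
    attrs: str = "----"
    company: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str, now: datetime, window_days: int = 30) -> Optional[Entry]:
    """Parse one OTL line into an Entry with review reasons; None for other shapes."""
    m = AUTORUN_ENTRY.match(line.strip())
    if m:
        e = Entry(path=f"{m['hive']}\\{m['key']}\\{m['name']}")
        if m["target"].strip() == "File not found":
            e.reasons.append("autorun entry whose target is missing")
        return e
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    e = Entry(path=m["path"],
              timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
              size=int(m["size"].replace(",", "")),
              attrs=m["attrs"], company=m["company"])
    is_dir = "D" in e.attrs                  # ---D marks a directory
    lower = e.path.lower()
    recent = now - e.timestamp <= timedelta(days=window_days)
    if not is_dir and not e.company and recent and lower.startswith(USER_WRITABLE):
        e.reasons.append("recent file without company name in user-writable location")
    if "H" in e.attrs and lower.startswith("c:\\users\\"):
        e.reasons.append("hidden attribute set on a file in the user profile")
    return e


def triage(lines, now: datetime) -> List[Entry]:
    """Return only the entries that collected at least one reason for review."""
    flagged = []
    for line in lines:
        e = parse_line(line, now)
        if e and e.reasons:
            flagged.append(e)
    return flagged


# Sample input: lines quoted from the OTL logs in this thread plus one
# constructed line (marked). SCAN_TIME is the 18.11.2011 OTL run time.
SCAN_TIME = datetime(2011, 11, 18, 18, 25, 46)
SAMPLE_LOG = [
    "[2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\\Users\\xxxx\\Desktop\\OTL.exe",
    "[2011.11.13 13:17:12 | 000,000,000 | ---D | C] -- C:\\Program Files\\CCleaner",
    "[2011.11.15 12:54:02 | 000,143,845 | ---- | M] () -- C:\\ProgramData\\nvModes.dat",
    "SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running]"
    " -- C:\\Program Files\\SUPERAntiSpyware\\SASCORE64.EXE -- (!SASCORE)",
    "O4 - HKCU..\\Run: [avupdate]  File not found",
    "O4 - HKLM..\\Run: [AVP] C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Anti-Virus 2012\\avp.exe (Kaspersky Lab ZAO)",
    # constructed, not from the thread:
    "[2011.11.13 12:01:09 | 000,091,136 | -H-- | C] () -- C:\\Users\\xxxx\\AppData\\Roaming\\example\\sample.dat",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, SCAN_TIME):
        print(e.path, "->", "; ".join(e.reasons))
```

A hit is a review candidate, not a verdict: nvModes.dat is flagged only because it matches the "no company name, recently modified, user-writable location" heuristic, so each hit still has to be checked by hand.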

cosinus 16.11.2011 10:52

Quote:

Following that, I downloaded CCleaner, Malwarebytes Anti-Malware and SUPERAntiSpyware and ran all the programs. I also uninstalled Antivir and replaced it with the trial version of Kaspersky. SUPERAntiSpyware as well as Kaspersky found and deleted threats and now tell me my PC is safe.
Please post all logs from all tools.

Ben89 16.11.2011 18:44

Hello,
I was apparently quite careless :/ not to save all of them right away. The SUPERAntiSpyware log folder, for example, is empty. I think that was my own doing, since CCleaner deletes temporary files. I already uninstalled Antivir, so there I can really only be annoyed at my own short-sightedness...
Well, I'll post what I have here and hope it helps..


Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7622

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

13.11.2011 15:30:49
mbam-log-2011-11-13 (15-30-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 386121
Laufzeit: 1 Stunde(n), 0 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)



Here are the Kaspersky detections:

Typ: trojanisches Programm (12)
Trojan-Spy.Win32.Wexd.p Gelöscht 14.11.2011 22:33:25
Trojan-Spy.Win32.Wexd.p Gelöscht 14.11.2011 22:33:25
Trojan-Spy.Win32.Wexd.p Gelöscht 14.11.2011 22:33:18
Trojan-Spy.Win32.Wexd.p Gelöscht 14.11.2011 22:33:18
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:11
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:11
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:11
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:10
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:10
Exploit.Java.CVE-2010-4452.a Gelöscht 14.11.2011 22:33:10
Exploit.Java.CVE-2010-0840.en Desinfiziert 14.11.2011 22:32:08
Exploit.Java.CVE-2010-0840.en Gelöscht 14.11.2011 22:32:08

cosinus 16.11.2011 20:16

Quote:

Here are the Kaspersky detections:
That is NOT a complete log. The malware names alone are not enough! The path information, i.e. exactly which files were reported, is missing!

Ben89 17.11.2011 15:00

Hello, I had another close look in Kaspersky; if I go to "Reports" and then "Scan", I can see the scan run, but when I save it there is again no path information, so that is again not the complete log file you need.

Is there a way of getting at the logs that I'm overlooking? Or were they possibly also in the Temp folder?

Or is there another way to help me, after I messed up the logs somewhat?

cosinus 17.11.2011 16:02

Then leave Kaspersky aside for now.
Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the "Log files" tab.

Ben89 17.11.2011 17:12

No, there are no further Malwarebytes logs, only the one from the scan that found nothing.

cosinus 17.11.2011 20:10

Please also run ESET; then we'll see:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Ben89 17.11.2011 23:22

So, here finally is the log; I hope it tells you something.



ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4dd7aef404e8e541bd3b3ae1e2286234
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 10:08:15
# local_time=2011-11-17 11:08:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 269447 269447 0 0
# compatibility_mode=5892 16776638 100 56 21721341 159084072 0 0
# compatibility_mode=8192 67108863 100 0 4150 4150 0 0
# scanned=233798
# found=0
# cleaned=0
# scan_time=7646

cosinus 18.11.2011 11:27

Custom scan with OTL

If you don't have it yet, please download OTL from OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Ben89 18.11.2011 19:17

Here is the new report from OTL: OTL Logfile:
Code:

OTL logfile created on: 18.11.2011 18:25:46 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\xxxx\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,13% Memory free
4,23 Gb Paging File | 2,81 Gb Available in Paging File | 66,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 3,90 Gb Free Space | 5,24% Space Free | Partition Type: NTFS
Drive D: | 111,78 Gb Total Space | 17,68 Gb Free Space | 15,82% Space Free | Partition Type: NTFS
 
Computer Name: B1 | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009.11.23 15:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2009.11.23 12:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009.11.23 12:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009.11.23 12:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009.10.20 09:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2009.09.29 11:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2009.06.15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2009.04.14 06:45:30 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010.10.28 17:55:02 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2010.10.28 17:55:02 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2010.10.28 17:55:02 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2010.10.28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2010.10.28 17:55:02 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2010.10.28 17:55:02 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008.01.19 09:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.23 15:16:10 | 000,745,576 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009.11.23 12:09:06 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009.11.23 12:08:58 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009.11.23 12:06:52 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009.10.20 09:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009.09.29 11:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2009.09.18 09:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009.06.15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009.06.03 09:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.14 19:09:22 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1)
DRV:64bit: - [2010.07.28 23:25:16 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.18 18:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2007.12.06 08:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.68
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011.11.14 19:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.11.14 19:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.07 00:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.05 12:26:29 | 000,000,000 | ---D | M]
 
[2010.10.19 21:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2011.11.07 00:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions
[2011.02.20 21:22:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.07 00:48:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.28 23:07:49 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.05.21 08:58:59 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775
[2011.11.16 23:38:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-1.xml
[2011.10.05 01:17:47 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-10.xml
[2011.11.09 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-11.xml
[2010.12.11 13:58:57 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-2.xml
[2011.03.10 10:17:58 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-3.xml
[2011.04.05 16:03:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-4.xml
[2011.05.10 23:38:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-5.xml
[2011.05.19 20:07:01 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-6.xml
[2011.06.22 19:42:12 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-7.xml
[2011.06.29 11:38:53 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-8.xml
[2011.08.20 19:48:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin.xml
[2011.11.18 12:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.16 12:40:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.10.22 10:17:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.25 19:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.06 12:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.11.18 12:22:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.14 19:37:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2011.11.14 19:37:54 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2011.11.07 00:48:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.02.08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2010.01.08 21:08:52 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011.11.07 00:48:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.07 00:48:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.07 00:48:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.07 00:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.07 00:48:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.07 00:48:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKCU..\Run: [avupdate]  File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A57B1C92-0FAE-4CA5-BF60-3085AD8951B7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell\AutoRun\command - "" = I:\Autorun\CDRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: 77911033.sys - Driver
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 77911033.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: 77911033.sys - Driver
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 77911033.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.18 12:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.17 20:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.17 17:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.17 17:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.15 13:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.15 13:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.11.15 12:58:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2011.11.15 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Desktop\Neuer Ordner (3)
[2011.11.14 19:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2011.11.14 19:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.11.14 19:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.11.14 19:09:22 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.11.13 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.13 23:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.13 23:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.13 23:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.13 13:22:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2011.11.13 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.13 13:22:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.13 13:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.13 13:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.11 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\avatare
[1 C:\Users\xxxx\*.tmp files -> C:\Users\xxxx\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.18 18:10:28 | 000,143,845 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.18 18:10:19 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 18:10:19 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 18:09:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.15 12:57:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2011.11.15 12:54:02 | 000,143,845 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.15 12:50:46 | 001,445,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 12:50:46 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 12:50:46 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 12:50:46 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 12:50:46 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 12:46:06 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 12:43:38 | 000,000,188 | ---- | M] () -- C:\Users\xxxx\defogger_reenable
[2011.11.14 19:13:56 | 000,017,408 | ---- | M] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.11.14 19:12:25 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.11.14 19:12:25 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.11.14 19:09:22 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.11.13 23:38:32 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.13 18:55:08 | 000,007,776 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20111113_185456.reg
[2011.11.13 15:53:34 | 000,232,568 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20111113_155258.reg
[2011.11.06 10:12:44 | 000,006,944 | ---- | M] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.10.24 00:49:31 | 000,087,040 | ---- | M] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\xxxx\*.tmp files -> C:\Users\xxxx\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.15 12:43:37 | 000,000,188 | ---- | C] () -- C:\Users\xxxx\defogger_reenable
[2011.11.14 19:13:47 | 000,017,408 | ---- | C] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.11.14 19:12:25 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.11.14 19:12:25 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.11.13 23:38:32 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.13 19:21:56 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.13 18:55:03 | 000,007,776 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20111113_185456.reg
[2011.11.13 15:53:04 | 000,232,568 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20111113_155258.reg
[2011.06.13 02:00:23 | 000,000,732 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps64.dat
[2011.01.09 04:51:27 | 000,006,944 | ---- | C] () -- C:\Users\xxxx\AppData\Local\d3d9caps.dat
[2011.01.01 21:09:53 | 000,004,096 | -H-- | C] () -- C:\Users\xxxx\AppData\Local\keyfile3.drm
[2010.10.24 19:31:02 | 000,143,845 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.24 19:31:01 | 000,143,845 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.10.24 12:19:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.24 12:09:53 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.23 02:11:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.10.22 21:41:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.10.22 21:40:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.10.22 21:40:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.10.21 18:40:03 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2010.10.21 16:56:09 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010.10.18 20:58:17 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.10.17 18:19:40 | 000,087,040 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2009.04.14 06:45:20 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2009.04.14 06:45:04 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe
[2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
 
========== LOP Check ==========
 
[2011.10.03 15:36:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon
[2011.11.13 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.02 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go
[2011.03.11 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC
[2011.03.11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.12 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ICQ
[2011.03.10 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\LolClient
[2010.11.06 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PTC
[2011.11.14 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\QuickScan
[2010.10.27 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Scendix Software
[2011.03.15 02:30:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SkyTestAB1
[2011.02.20 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softland
[2011.11.14 23:10:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TS3Client
[2011.11.15 12:44:49 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.11 22:21:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Adobe
[2011.10.03 15:36:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon
[2011.11.13 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DAEMON Tools Lite
[2010.10.23 11:46:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\dvdcss
[2011.07.02 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go
[2011.03.11 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC
[2011.03.11 22:30:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.12 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ICQ
[2010.10.17 17:40:16 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Identities
[2011.03.10 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\LolClient
[2010.10.19 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Macromedia
[2011.11.13 13:22:18 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2011.01.20 12:46:32 | 000,000,000 | --SD | M] -- C:\Users\xxxx\AppData\Roaming\Microsoft
[2010.10.19 21:30:27 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Mozilla
[2010.11.06 15:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PTC
[2011.11.14 17:40:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\QuickScan
[2010.10.27 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Scendix Software
[2011.11.13 13:21:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Skype
[2011.06.15 00:05:30 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\skypePM
[2011.03.15 02:30:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SkyTestAB1
[2011.02.20 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Softland
[2011.11.13 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.14 23:10:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TS3Client
[2011.11.13 13:21:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Ventrilo
[2011.10.03 04:39:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\vlc
[2010.10.22 12:23:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.04.05 15:05:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\xxxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.11.02 13:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2010.10.19 14:04:22 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 09:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2010.10.19 14:04:23 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 12:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 09:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 12:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 13:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 09:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 12:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 09:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 10:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2010.10.19 13:48:05 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 09:04:23 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 08:32:19 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2010.10.19 13:48:05 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2010.10.19 13:48:07 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 12:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2010.10.19 13:48:06 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 12:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 09:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 09:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 12:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 09:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 12:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 07:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.19 07:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 10:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 18.11.2011 19:28

Do an OTL fix: close any programs that may be open, disable the virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
[2011.11.07 00:48:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.21 08:58:59 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775
[2011.11.16 23:38:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-1.xml
[2011.10.05 01:17:47 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-10.xml
[2011.11.09 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-11.xml
[2010.12.11 13:58:57 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-2.xml
[2011.03.10 10:17:58 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-3.xml
[2011.04.05 16:03:13 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-4.xml
[2011.05.10 23:38:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-5.xml
[2011.05.19 20:07:01 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-6.xml
[2011.06.22 19:42:12 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-7.xml
[2011.06.29 11:38:53 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-8.xml
[2011.08.20 19:48:28 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKCU..\Run: [avupdate]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell - "" = AutoRun
O33 - MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\Shell\AutoRun\command - "" = I:\Autorun\CDRun.exe
SafeBootMin:64bit: 77911033.sys - Driver
SafeBootMin: 77911033.sys - Driver
SafeBootNet:64bit: 77911033.sys - Driver
SafeBootNet: 77911033.sys - Driver
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix has run; please post it. The computer may be restarted.

For safety's sake, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Ben89 18.11.2011 19:56

Here is the reply, by return :)

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" removed from keyword.URL
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775\defaults\preferences folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775\defaults folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775\chrome folder moved successfully.
C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\13bhh6jg.default\extensions\bug489729@alice0775 folder moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596c5a7e-dc85-11df-a84b-0015f2004703}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d478b9e-dd1e-11df-9039-0015f2004703}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d478b9e-dd1e-11df-9039-0015f2004703}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d478b9e-dd1e-11df-9039-0015f2004703}\ not found.
File I:\Autorun\CDRun.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 77911033.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77911033.sys\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 77911033.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77911033.sys\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: xxxx
->Temp folder emptied: 352715192 bytes
->Temporary Internet Files folder emptied: 169226678 bytes
->Java cache emptied: 22279505 bytes
->FireFox cache emptied: 97653473 bytes
->Flash cache emptied: 58346 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 253460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 613,00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_193659

Files\Folders moved on Reboot...
C:\Users\xxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
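
The fix log above is the record of what OTL actually did, and the one line that matters most for follow-up is the `File move failed. ... scheduled to be moved on reboot.` entry for the Hosts file: the `[resethosts]` command did not take effect until the restart. The following Python script is an added example for this thread, not part of OTL (OldTimer's tool); it pattern-matches the line shapes visible in the posted log and summarises which actions were applied, which targets were already absent, and which are deferred to reboot. The sample log inside it is constructed from lines of the posted log.

```python
"""Summarise an OTL fix log (added example; not OldTimer's code).

Assumption: the four line shapes below cover the log formats posted in this
thread ("... deleted/moved/reset successfully", "... /E : value set
successfully!", "... not found." and "File move failed. ... scheduled to be
moved on reboot."). Anything else is counted as 'other'.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Order matters: the more specific shapes are tried first.
PATTERNS = [
    ("deferred",
     re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("set",
     re.compile(r"^(?P<target>.+?)\|\S* /E : value set successfully!$")),
    ("applied",
     re.compile(r"^(?:Registry key |Registry value |File |64bit-Registry key )?"
                r"(?P<target>.+?)(?: folder)? (?:deleted|moved|reset) successfully[.!]?$")),
    ("absent",
     re.compile(r"^(?:Registry key |Registry value |File |64bit-Registry key )?"
                r"(?P<target>.+?) not found\.$")),
]

# Constructed sample: a handful of lines in the shape of the posted fix log.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File E:\SETUP.EXE not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77911033.sys\ deleted successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
"""


def classify(line: str) -> Tuple[str, Optional[str]]:
    """Return (category, target) for one log line; ('other', None) for headers."""
    text = line.strip()
    for category, pattern in PATTERNS:
        m = pattern.match(text)
        if m:
            return category, m.group("target")
    return "other", None


def summarize(log_text: str) -> Dict[str, object]:
    """Count lines per category and collect targets that still need a reboot."""
    counts: Counter = Counter()
    needs_reboot: List[str] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        category, target = classify(raw)
        counts[category] += 1
        if category == "deferred" and target is not None:
            needs_reboot.append(target)
    return {"counts": dict(counts), "needs_reboot": needs_reboot}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("per-category line counts:", result["counts"])
    # Items here were not cleaned until the restart; verify them after reboot.
    for target in result["needs_reboot"]:
        print("verify after reboot:", target)
```

On the sample the script reports one deferred target, the Hosts file, which is exactly the item to re-check after the restart (the posted log confirms it was moved on reboot). Running it over a full fix log is a quick way to see whether every entry in the `:OTL` script was acted on or was already gone.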

cosinus 18.11.2011 21:34

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the image below: click Change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition; that is where TDSSKiller saves its logs.

Note: Please do not delete anything hastily with TDSSKiller! If TDSSKiller flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should become visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Ben89 19.11.2011 15:12

14:59:53.0467 3104 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
14:59:53.0822 3104 ============================================================
14:59:53.0822 3104 Current date / time: 2011/11/19 14:59:53.0822
14:59:53.0822 3104 SystemInfo:
14:59:53.0822 3104
14:59:53.0822 3104 OS Version: 6.0.6002 ServicePack: 2.0
14:59:53.0822 3104 Product type: Workstation
14:59:53.0822 3104 ComputerName: B1
14:59:53.0823 3104 UserName: XXXX
14:59:53.0823 3104 Windows directory: C:\Windows
14:59:53.0823 3104 System windows directory: C:\Windows
14:59:53.0823 3104 Running under WOW64
14:59:53.0823 3104 Processor architecture: Intel x64
14:59:53.0823 3104 Number of processors: 2
14:59:53.0823 3104 Page size: 0x1000
14:59:53.0823 3104 Boot type: Normal boot
14:59:53.0823 3104 ============================================================
14:59:55.0639 3104 Initialize success
15:01:06.0252 2904 ============================================================
15:01:06.0252 2904 Scan started
15:01:06.0252 2904 Mode: Manual; SigCheck; TDLFS;
15:01:06.0252 2904 ============================================================
15:01:06.0943 2904 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:01:07.0492 2904 ACPI - ok
15:01:07.0550 2904 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
15:01:07.0587 2904 adp94xx - ok
15:01:07.0696 2904 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
15:01:07.0729 2904 adpahci - ok
15:01:07.0756 2904 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
15:01:07.0774 2904 adpu160m - ok
15:01:07.0805 2904 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
15:01:07.0822 2904 adpu320 - ok
15:01:07.0914 2904 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
15:01:08.0165 2904 AFD - ok
15:01:08.0209 2904 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
15:01:08.0223 2904 agp440 - ok
15:01:08.0283 2904 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:01:08.0298 2904 aic78xx - ok
15:01:08.0427 2904 ALCXWDM (853ad8bd8ca940d0f5ac2679a6ed439b) C:\Windows\system32\drivers\RTKVAC64.SYS
15:01:08.0670 2904 ALCXWDM - ok
15:01:08.0716 2904 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:01:08.0728 2904 aliide - ok
15:01:08.0742 2904 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:01:08.0758 2904 amdide - ok
15:01:08.0808 2904 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
15:01:09.0008 2904 AmdK8 - ok
15:01:09.0043 2904 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
15:01:09.0058 2904 arc - ok
15:01:09.0112 2904 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
15:01:09.0127 2904 arcsas - ok
15:01:09.0137 2904 Asushwio - ok
15:01:09.0235 2904 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:01:09.0288 2904 AsyncMac - ok
15:01:09.0337 2904 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:01:09.0353 2904 atapi - ok
15:01:09.0416 2904 blbdrive - ok
15:01:09.0470 2904 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:01:09.0540 2904 bowser - ok
15:01:09.0560 2904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:01:09.0692 2904 BrFiltLo - ok
15:01:09.0716 2904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:01:09.0760 2904 BrFiltUp - ok
15:01:09.0845 2904 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:01:10.0039 2904 Brserid - ok
15:01:10.0056 2904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:01:10.0153 2904 BrSerWdm - ok
15:01:10.0189 2904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:01:10.0283 2904 BrUsbMdm - ok
15:01:10.0307 2904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:01:10.0385 2904 BrUsbSer - ok
15:01:10.0406 2904 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:01:10.0478 2904 BTHMODEM - ok
15:01:10.0544 2904 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:01:10.0611 2904 cdfs - ok
15:01:10.0677 2904 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:01:10.0719 2904 cdrom - ok
15:01:10.0762 2904 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
15:01:10.0841 2904 circlass - ok
15:01:10.0938 2904 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:01:10.0975 2904 CLFS - ok
15:01:11.0045 2904 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:01:11.0058 2904 cmdide - ok
15:01:11.0097 2904 Compbatt (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys
15:01:11.0110 2904 Compbatt - ok
15:01:11.0133 2904 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
15:01:11.0147 2904 crcdisk - ok
15:01:11.0224 2904 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
15:01:11.0285 2904 CSC - ok
15:01:11.0361 2904 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:01:11.0420 2904 DfsC - ok
15:01:11.0491 2904 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:01:11.0507 2904 disk - ok
15:01:11.0598 2904 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:01:11.0645 2904 drmkaud - ok
15:01:11.0709 2904 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:01:11.0777 2904 DXGKrnl - ok
15:01:11.0828 2904 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:01:11.0903 2904 E1G60 - ok
15:01:11.0968 2904 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:01:11.0987 2904 Ecache - ok
15:01:12.0015 2904 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
15:01:12.0051 2904 elxstor - ok
15:01:12.0115 2904 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:01:12.0186 2904 exfat - ok
15:01:12.0237 2904 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:01:12.0314 2904 fastfat - ok
15:01:12.0357 2904 fdc (61b6dbd1ad1143f008364d4e9a96b224) C:\Windows\system32\DRIVERS\fdc.sys
15:01:12.0442 2904 fdc - ok
15:01:12.0541 2904 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:01:12.0556 2904 FileInfo - ok
15:01:12.0602 2904 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:01:12.0681 2904 Filetrace - ok
15:01:12.0712 2904 flpydisk (12c3d1b4d0ce49e1ce343ba2f22f15e0) C:\Windows\system32\DRIVERS\flpydisk.sys
15:01:12.0788 2904 flpydisk - ok
15:01:12.0846 2904 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:01:12.0869 2904 FltMgr - ok
15:01:12.0957 2904 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
15:01:13.0043 2904 Fs_Rec - ok
15:01:13.0089 2904 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
15:01:13.0104 2904 gagp30kx - ok
15:01:13.0130 2904 HDAudBus (60e6a1b5bd7191f05c3ecdbf4d47b2d7) C:\Windows\system32\drivers\hdaudbus.sys
15:01:13.0208 2904 HDAudBus - ok
15:01:13.0230 2904 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:01:13.0301 2904 HidBth - ok
15:01:13.0319 2904 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:01:13.0401 2904 HidIr - ok
15:01:13.0494 2904 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:01:13.0542 2904 HidUsb - ok
15:01:13.0583 2904 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
15:01:13.0596 2904 HpCISSs - ok
15:01:13.0630 2904 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
15:01:13.0676 2904 HTCAND64 - ok
15:01:13.0714 2904 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:\Windows\system32\DRIVERS\htcnprot.sys
15:01:13.0727 2904 htcnprot - ok
15:01:13.0789 2904 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:01:13.0866 2904 HTTP - ok
15:01:13.0891 2904 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
15:01:13.0905 2904 i2omp - ok
15:01:13.0968 2904 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:01:14.0000 2904 i8042prt - ok
15:01:14.0033 2904 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
15:01:14.0063 2904 iaStorV - ok
15:01:14.0133 2904 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:01:14.0147 2904 iirsp - ok
15:01:14.0178 2904 intelide (36a266c673812878996f72b200203fbb) C:\Windows\system32\drivers\intelide.sys
15:01:14.0191 2904 intelide - ok
15:01:14.0206 2904 intelppm (cd802075728e514548841dcc3f8b0220) C:\Windows\system32\DRIVERS\intelppm.sys
15:01:14.0271 2904 intelppm - ok
15:01:14.0330 2904 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:01:14.0383 2904 IpFilterDriver - ok
15:01:14.0427 2904 IpInIp - ok
15:01:14.0452 2904 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
15:01:14.0537 2904 IPMIDRV - ok
15:01:14.0583 2904 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:01:14.0648 2904 IPNAT - ok
15:01:14.0706 2904 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:01:14.0755 2904 IRENUM - ok
15:01:14.0783 2904 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
15:01:14.0800 2904 isapnp - ok
15:01:14.0864 2904 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:01:14.0883 2904 iScsiPrt - ok
15:01:14.0932 2904 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:01:14.0946 2904 iteatapi - ok
15:01:14.0968 2904 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:01:14.0982 2904 iteraid - ok
15:01:15.0044 2904 ivusb (8f92e7fe65423535ad60445eb730eb61) C:\Windows\system32\DRIVERS\ivusb.sys
15:01:15.0056 2904 ivusb - ok
15:01:15.0109 2904 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:01:15.0122 2904 kbdclass - ok
15:01:15.0153 2904 kbdhid (2b08052372c1f0dffc31cdd6e5abc4b5) C:\Windows\system32\DRIVERS\kbdhid.sys
15:01:15.0275 2904 kbdhid - ok
15:01:15.0349 2904 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
15:01:15.0393 2904 KL1 - ok
15:01:15.0446 2904 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
15:01:15.0459 2904 kl2 - ok
15:01:15.0548 2904 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
15:01:15.0609 2904 KLIF - ok
15:01:15.0651 2904 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
15:01:15.0662 2904 KLIM6 - ok
15:01:15.0687 2904 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
15:01:15.0700 2904 klmouflt - ok
15:01:15.0746 2904 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
15:01:15.0786 2904 KSecDD - ok
15:01:15.0853 2904 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:01:15.0919 2904 ksthunk - ok
15:01:16.0049 2904 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:01:16.0137 2904 lltdio - ok
15:01:16.0192 2904 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
15:01:16.0205 2904 LSI_FC - ok
15:01:16.0219 2904 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
15:01:16.0238 2904 LSI_SAS - ok
15:01:16.0261 2904 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
15:01:16.0291 2904 LSI_SCSI - ok
15:01:16.0341 2904 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:01:16.0399 2904 luafv - ok
15:01:16.0437 2904 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
15:01:16.0451 2904 megasas - ok
15:01:16.0506 2904 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:01:16.0561 2904 Modem - ok
15:01:16.0622 2904 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:01:16.0665 2904 monitor - ok
15:01:16.0715 2904 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:01:16.0729 2904 mouclass - ok
15:01:16.0787 2904 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:01:16.0842 2904 mouhid - ok
15:01:16.0897 2904 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:01:16.0911 2904 MountMgr - ok
15:01:16.0937 2904 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
15:01:16.0952 2904 mpio - ok
15:01:17.0033 2904 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:01:17.0083 2904 mpsdrv - ok
15:01:17.0131 2904 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:01:17.0144 2904 Mraid35x - ok
15:01:17.0182 2904 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:01:17.0249 2904 MRxDAV - ok
15:01:17.0310 2904 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:01:17.0343 2904 mrxsmb - ok
15:01:17.0399 2904 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:01:17.0453 2904 mrxsmb10 - ok
15:01:17.0483 2904 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:01:17.0533 2904 mrxsmb20 - ok
15:01:17.0555 2904 msahci (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
15:01:17.0568 2904 msahci - ok
15:01:17.0583 2904 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
15:01:17.0599 2904 msdsm - ok
15:01:17.0661 2904 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:01:17.0723 2904 Msfs - ok
15:01:17.0791 2904 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:01:17.0805 2904 msisadrv - ok
15:01:17.0869 2904 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:01:17.0935 2904 MSKSSRV - ok
15:01:17.0957 2904 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:01:18.0009 2904 MSPCLOCK - ok
15:01:18.0055 2904 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:01:18.0114 2904 MSPQM - ok
15:01:18.0166 2904 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:01:18.0197 2904 MsRPC - ok
15:01:18.0223 2904 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:01:18.0236 2904 mssmbios - ok
15:01:18.0287 2904 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:01:18.0348 2904 MSTEE - ok
15:01:18.0487 2904 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
15:01:18.0590 2904 MTsensor - ok
15:01:18.0617 2904 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:01:18.0633 2904 Mup - ok
15:01:18.0703 2904 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:01:18.0733 2904 NativeWifiP - ok
15:01:18.0803 2904 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:01:18.0867 2904 NDIS - ok
15:01:18.0959 2904 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:01:18.0998 2904 NdisTapi - ok
15:01:19.0045 2904 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:01:19.0109 2904 Ndisuio - ok
15:01:19.0158 2904 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:01:19.0200 2904 NdisWan - ok
15:01:19.0252 2904 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:01:19.0304 2904 NDProxy - ok
15:01:19.0378 2904 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:01:19.0429 2904 NetBIOS - ok
15:01:19.0489 2904 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:01:19.0526 2904 netbt - ok
15:01:19.0571 2904 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:01:19.0585 2904 nfrd960 - ok
15:01:19.0664 2904 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:01:19.0711 2904 Npfs - ok
15:01:19.0765 2904 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:01:19.0829 2904 nsiproxy - ok
15:01:19.0913 2904 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:01:20.0019 2904 Ntfs - ok
15:01:20.0080 2904 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:01:20.0144 2904 Null - ok
15:01:20.0557 2904 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:01:22.0648 2904 nvlddmkm - ok
15:01:22.0765 2904 nvraid (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
15:01:22.0783 2904 nvraid - ok
15:01:22.0825 2904 nvstor (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
15:01:22.0843 2904 nvstor - ok
15:01:22.0892 2904 nv_agp (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
15:01:22.0910 2904 nv_agp - ok
15:01:22.0929 2904 NwlnkFlt - ok
15:01:22.0950 2904 NwlnkFwd - ok
15:01:23.0052 2904 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:01:23.0093 2904 ohci1394 - ok
15:01:23.0289 2904 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
15:01:23.0419 2904 Parport - ok
15:01:23.0538 2904 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
15:01:23.0555 2904 partmgr - ok
15:01:23.0705 2904 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
15:01:23.0718 2904 pavboot - ok
15:01:23.0739 2904 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:01:23.0758 2904 pci - ok
15:01:23.0777 2904 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
15:01:23.0791 2904 pciide - ok
15:01:23.0829 2904 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:01:23.0847 2904 pcmcia - ok
15:01:23.0884 2904 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:01:24.0063 2904 PEAUTH - ok
15:01:24.0184 2904 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:01:24.0237 2904 PptpMiniport - ok
15:01:24.0354 2904 Processor (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
15:01:24.0430 2904 Processor - ok
15:01:24.0512 2904 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:01:24.0544 2904 PSched - ok
15:01:24.0709 2904 ql2300 (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
15:01:24.0775 2904 ql2300 - ok
15:01:24.0854 2904 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:01:24.0881 2904 ql40xx - ok
15:01:24.0936 2904 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:01:24.0989 2904 QWAVEdrv - ok
15:01:25.0066 2904 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:01:25.0118 2904 RasAcd - ok
15:01:25.0245 2904 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:01:25.0299 2904 Rasl2tp - ok
15:01:25.0370 2904 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:01:25.0438 2904 RasPppoe - ok
15:01:25.0619 2904 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:01:25.0659 2904 RasSstp - ok
15:01:25.0768 2904 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:01:25.0814 2904 rdbss - ok
15:01:25.0887 2904 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:01:25.0949 2904 RDPCDD - ok
15:01:26.0053 2904 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
15:01:26.0114 2904 rdpdr - ok
15:01:26.0253 2904 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:01:26.0297 2904 RDPENCDD - ok
15:01:26.0382 2904 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
15:01:26.0451 2904 RDPWD - ok
15:01:26.0553 2904 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:01:26.0621 2904 rspndr - ok
15:01:26.0763 2904 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:01:26.0775 2904 SASDIFSV - ok
15:01:26.0830 2904 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:01:26.0840 2904 SASKUTIL - ok
15:01:27.0006 2904 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:01:27.0021 2904 sbp2port - ok
15:01:27.0073 2904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:01:27.0167 2904 secdrv - ok
15:01:27.0287 2904 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
15:01:27.0330 2904 Serenum - ok
15:01:27.0378 2904 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
15:01:27.0429 2904 Serial - ok
15:01:27.0530 2904 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:01:27.0596 2904 sermouse - ok
15:01:27.0647 2904 sffdisk (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
15:01:27.0711 2904 sffdisk - ok
15:01:27.0983 2904 sffp_mmc (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
15:01:28.0058 2904 sffp_mmc - ok
15:01:28.0165 2904 sffp_sd (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
15:01:28.0256 2904 sffp_sd - ok
15:01:28.0347 2904 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
15:01:28.0410 2904 sfloppy - ok
15:01:28.0710 2904 SiSRaid2 (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
15:01:28.0724 2904 SiSRaid2 - ok
15:01:28.0780 2904 SiSRaid4 (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
15:01:28.0802 2904 SiSRaid4 - ok
15:01:28.0851 2904 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:01:28.0926 2904 Smb - ok
15:01:28.0987 2904 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:01:29.0001 2904 spldr - ok
15:01:29.0106 2904 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:01:29.0180 2904 srv - ok
15:01:29.0280 2904 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:01:29.0343 2904 srv2 - ok
15:01:29.0457 2904 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:01:29.0507 2904 srvnet - ok
15:01:29.0570 2904 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:01:29.0584 2904 swenum - ok
15:01:29.0622 2904 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:01:29.0634 2904 Symc8xx - ok
15:01:29.0705 2904 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:01:29.0719 2904 Sym_hi - ok
15:01:29.0835 2904 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:01:29.0849 2904 Sym_u3 - ok
15:01:30.0183 2904 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
15:01:30.0270 2904 Tcpip - ok
15:01:30.0315 2904 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
15:01:30.0406 2904 Tcpip6 - ok
15:01:30.0489 2904 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:01:30.0548 2904 tcpipreg - ok
15:01:30.0630 2904 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:01:30.0694 2904 TDPIPE - ok
15:01:30.0833 2904 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:01:30.0904 2904 TDTCP - ok
15:01:31.0010 2904 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:01:31.0050 2904 tdx - ok
15:01:31.0093 2904 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:01:31.0108 2904 TermDD - ok
15:01:31.0234 2904 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:01:31.0303 2904 tssecsrv - ok
15:01:31.0404 2904 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:01:31.0431 2904 tunmp - ok
15:01:31.0457 2904 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:01:31.0487 2904 tunnel - ok
15:01:31.0532 2904 uagp35 (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys
15:01:31.0545 2904 uagp35 - ok
15:01:31.0713 2904 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:01:31.0784 2904 udfs - ok
15:01:31.0839 2904 uliagpkx (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
15:01:31.0853 2904 uliagpkx - ok
15:01:31.0928 2904 uliahci (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
15:01:31.0962 2904 uliahci - ok
15:01:32.0002 2904 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:01:32.0020 2904 UlSata - ok
15:01:32.0138 2904 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:01:32.0174 2904 ulsata2 - ok
15:01:32.0226 2904 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:01:32.0279 2904 umbus - ok
15:01:32.0357 2904 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
15:01:32.0414 2904 usbaudio - ok
15:01:32.0496 2904 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:01:32.0545 2904 usbccgp - ok
15:01:32.0643 2904 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:01:32.0731 2904 usbcir - ok
15:01:32.0883 2904 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:01:32.0948 2904 usbehci - ok
15:01:33.0006 2904 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:01:33.0067 2904 usbhub - ok
15:01:33.0222 2904 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
15:01:33.0286 2904 usbohci - ok
15:01:33.0334 2904 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:01:33.0379 2904 usbprint - ok
15:01:33.0521 2904 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:01:33.0571 2904 usbscan - ok
15:01:33.0614 2904 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:01:33.0668 2904 USBSTOR - ok
15:01:33.0720 2904 usbuhci (7bf55d2538740b25936e93553e5d190d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:01:33.0793 2904 usbuhci - ok
15:01:33.0887 2904 vga (2998dc48905e9b4821ad8fd75b3e070c) C:\Windows\system32\DRIVERS\vgapnp.sys
15:01:33.0970 2904 vga - ok
15:01:34.0057 2904 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:01:34.0126 2904 VgaSave - ok
15:01:34.0166 2904 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:01:34.0179 2904 viaide - ok
15:01:34.0265 2904 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:01:34.0279 2904 volmgr - ok
15:01:34.0386 2904 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:01:34.0423 2904 volmgrx - ok
15:01:34.0479 2904 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:01:34.0500 2904 volsnap - ok
15:01:34.0549 2904 vsmraid (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
15:01:34.0566 2904 vsmraid - ok
15:01:34.0602 2904 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:01:34.0681 2904 WacomPen - ok
15:01:34.0734 2904 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:01:34.0772 2904 Wanarp - ok
15:01:34.0782 2904 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:01:34.0816 2904 Wanarpv6 - ok
15:01:34.0861 2904 Wd (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
15:01:34.0874 2904 Wd - ok
15:01:34.0938 2904 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:01:35.0007 2904 Wdf01000 - ok
15:01:35.0104 2904 WmiAcpi (ae34218455d5dc12d1e45de85f160346) C:\Windows\system32\drivers\wmiacpi.sys
15:01:35.0167 2904 WmiAcpi - ok
15:01:35.0234 2904 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:01:35.0293 2904 WpdUsb - ok
15:01:35.0353 2904 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:01:35.0416 2904 ws2ifsl - ok
15:01:35.0550 2904 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
15:01:35.0617 2904 yukonx64 - ok
15:01:35.0635 2904 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
15:01:35.0802 2904 \Device\Harddisk0\DR0 - ok
15:01:35.0808 2904 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
15:01:35.0843 2904 \Device\Harddisk1\DR1 - ok
15:01:35.0848 2904 Boot (0x1200) (07e42403f973f350dd2ece3e067c7dfb) \Device\Harddisk0\DR0\Partition0
15:01:35.0849 2904 \Device\Harddisk0\DR0\Partition0 - ok
15:01:35.0857 2904 Boot (0x1200) (107035d130bcf8319b7a9f44ac0af2d4) \Device\Harddisk1\DR1\Partition0
15:01:35.0857 2904 \Device\Harddisk1\DR1\Partition0 - ok
15:01:35.0859 2904 ============================================================
15:01:35.0860 2904 Scan finished
15:01:35.0860 2904 ============================================================
15:01:35.0880 4796 Detected object count: 0
15:01:35.0880 4796 Actual detected object count: 0
15:21:06.0185 2956 Deinitialize success
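
As an added example (not from this thread and not Kaspersky's own code): a Python parser for the TDSSKiller log layout posted above. It applies the reading cosinus asks for, every object must end in "- ok" and the detected-object count must agree, and additionally flags a truncated log and services for which no image file was hashed. The sample log embedded in it is constructed, and its single non-ok verdict is invented for the demonstration.

```python
# Added example, not part of the thread or of Kaspersky's TDSSKiller: a parser for the
# TDSSKiller log layout posted above, so the verdicts can be checked mechanically.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "HH:MM:SS.ffff <thread id> <message>"; the message may be empty (see the SystemInfo block).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?:\s+(.*))?$")
# Boot object: "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"  (checked before FILE_RE)
BOOT_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\\Device\\\S+)$")
# Scanned driver or service with its image file: "<name> (<md5>) <path>"
FILE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Verdict for an object listed earlier: "<name> - ok" or "<name> - <something else>"
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")
COUNT_RE = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None      # None: TDSSKiller printed no image-file line for it
    path: Optional[str] = None
    verdict: Optional[str] = None  # None: no "<name> - ..." line (truncated log)


@dataclass
class ScanSummary:
    entries: Dict[str, ScanEntry] = field(default_factory=dict)
    detected_count: Optional[int] = None
    actual_detected_count: Optional[int] = None
    finished: bool = False

    def not_ok(self) -> List[ScanEntry]:
        """Everything whose verdict is not the literal 'ok', including missing verdicts."""
        return [e for e in self.entries.values() if e.verdict != "ok"]

    def without_file(self) -> List[ScanEntry]:
        """Services that got a verdict but no hashed image file (e.g. Asushwio above)."""
        return [e for e in self.entries.values() if e.md5 is None]


def parse_tdsskiller_log(text: str) -> ScanSummary:
    summary = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = (m.group(3) or "").strip()
        if b := BOOT_RE.match(msg):
            summary.entries[b.group(4)] = ScanEntry(b.group(4), b.group(3), b.group(4))
        elif f := FILE_RE.match(msg):
            summary.entries[f.group(1)] = ScanEntry(f.group(1), f.group(2), f.group(3))
        elif c := COUNT_RE.match(msg):
            if c.group(1):
                summary.actual_detected_count = int(c.group(2))
            else:
                summary.detected_count = int(c.group(2))
        elif msg == "Scan finished":
            summary.finished = True
        elif v := VERDICT_RE.match(msg):
            # A verdict without a preceding file line still gets an entry (md5 stays None).
            summary.entries.setdefault(v.group(1), ScanEntry(v.group(1))).verdict = v.group(2)
    return summary


def assess(summary: ScanSummary) -> List[str]:
    """Findings a helper would want to see before declaring the log clean."""
    findings = []
    if not summary.finished:
        findings.append("log never reached 'Scan finished'; it is incomplete")
    bad = summary.not_ok()
    for e in bad:
        findings.append(f"{e.name}: {e.verdict or 'no verdict'} ({e.path or 'no file listed'})")
    if summary.detected_count is not None and summary.detected_count != len(bad):
        findings.append(f"'Detected object count' says {summary.detected_count} "
                        f"but {len(bad)} entries are not 'ok'")
    return findings


# Constructed sample in the layout of the log above: two clean drivers, one service
# without an image file, one boot object, and an invented non-ok verdict for a
# made-up driver; nothing here is a real detection.
SAMPLE_LOG = r"""
15:01:06.0252 2904 Scan started
15:01:06.0943 2904 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:01:07.0492 2904 ACPI - ok
15:01:09.0137 2904 Asushwio - ok
15:01:15.0349 2904 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
15:01:15.0393 2904 KL1 - ok
15:01:20.0001 2904 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
15:01:20.0002 2904 examplesvc - detected Rootkit.Example.Constructed ( 0 )
15:01:35.0635 2904 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
15:01:35.0802 2904 \Device\Harddisk0\DR0 - ok
15:01:35.0860 2904 Scan finished
15:01:35.0880 4796 Detected object count: 1
15:01:35.0880 4796 Actual detected object count: 1
"""

if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(s.entries)} objects, {len(s.without_file())} without image file")
    for line in assess(s) or ["no findings: every object is 'ok'"]:
        print(" -", line)
```

Run against the full log posted above, it should report every object as "ok" and the counts as 0, which is exactly what cosinus reads off it before moving on to ComboFix.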

cosinus 20.11.2011 12:26

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (one of the board's qualified helpers) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Ben89 20.11.2011 15:29

Hello, I ran ComboFix as described. Since I don't know whether it matters, I'll say right away that after the reboot Kaspersky & co. were started automatically; because ComboFix displayed something like "Please do not open any programs until ComboFix has finished", I closed them directly with the mouse. Here is the log:

ComboFix logfile:
Code:

ComboFix 11-11-20.01 - xxxx 20.11.2011  14:39:06.1.2 - x64
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.2047.1040 [GMT 1:00]
ausgeführt von:: c:\users\xxxx\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\lol
c:\program files (x86)\lol\League of Legends\0x0407.ini
c:\program files (x86)\lol\League of Legends\0x0409.ini
c:\program files (x86)\lol\League of Legends\0x040a.ini
c:\program files (x86)\lol\League of Legends\0x040c.ini
c:\program files (x86)\lol\League of Legends\data1.cab
c:\program files (x86)\lol\League of Legends\data1.hdr
c:\program files (x86)\lol\League of Legends\data2.cab
c:\program files (x86)\lol\League of Legends\ISSetup.dll
c:\program files (x86)\lol\League of Legends\layout.bin
c:\program files (x86)\lol\League of Legends\setup.exe
c:\program files (x86)\lol\League of Legends\setup.ini
c:\program files (x86)\lol\League of Legends\setup.inx
c:\program files (x86)\lol\League of Legends\setup.isn
c:\users\xxxx\~app.tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-20 bis 2011-11-20  ))))))))))))))))))))))))))))))
.
.
2011-11-20 13:55 . 2011-11-20 13:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-20 13:29 . 2011-11-20 13:29        --------        d-----w-        c:\windows\solcache
2011-11-20 13:28 . 2011-11-20 13:28        --------        d-----w-        c:\program files (x86)\Sierra On-Line
2011-11-20 13:28 . 2011-11-20 13:28        --------        d-----w-        C:\SIERRA
2011-11-20 13:27 . 1997-05-12 16:53        314368        ----a-w-        c:\windows\IsUninst.exe
2011-11-18 19:27 . 2011-11-18 19:27        66936        --sha-w-        c:\windows\dlinfo_0.drv
2011-11-18 19:25 . 2011-11-18 19:25        86528        ----a-w-        c:\windows\bnetunin.exe
2011-11-18 19:25 . 2011-11-18 19:25        61440        ----a-w-        c:\windows\diabunin.exe
2011-11-18 18:36 . 2011-11-18 18:36        --------        d-----w-        C:\_OTL
2011-11-18 11:22 . 2011-11-18 11:22        --------        d-----w-        c:\program files (x86)\Common Files\Java
2011-11-17 19:51 . 2011-11-17 19:51        --------        d-----w-        c:\program files (x86)\ESET
2011-11-17 16:08 . 2011-11-17 16:08        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-15 12:33 . 2011-11-15 12:33        --------        d-----w-        c:\program files (x86)\7-Zip
2011-11-14 18:10 . 2011-11-20 14:00        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-11-14 18:10 . 2011-11-14 18:10        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2011-11-13 22:39 . 2011-11-13 22:39        --------        d-----w-        c:\users\xxxx\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 22:38 . 2011-11-13 22:39        --------        d-----w-        c:\program files\SUPERAntiSpyware
2011-11-13 22:38 . 2011-11-13 22:38        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-11-13 12:22 . 2011-11-13 12:22        --------        d-----w-        c:\users\xxxx\AppData\Roaming\Malwarebytes
2011-11-13 12:22 . 2011-11-17 16:08        --------        d-----w-        c:\programdata\Malwarebytes
2011-11-13 12:22 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-13 12:17 . 2011-11-13 12:17        --------        d-----w-        c:\program files\CCleaner
2011-11-09 12:50 . 2011-09-20 21:06        1426304        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:50 . 2011-10-17 11:41        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 12:50 . 2011-10-17 11:41        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 12:50 . 2011-09-30 16:16        893440        ----a-w-        c:\program files\Common Files\System\wab32.dll
2011-11-09 12:50 . 2011-09-30 16:16        50688        ----a-w-        c:\program files\Windows Mail\wabimp.dll
2011-11-09 12:50 . 2011-09-30 15:57        707584        ----a-w-        c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 11:05 . 2011-08-11 18:17        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2010-10-22 09:17        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-09-06 13:56 . 2011-10-12 22:26        2764288        ----a-w-        c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-13 00:37        2309120        ----a-w-        c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 00:37        1389056        ----a-w-        c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 00:37        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 00:37        1798144        ----a-w-        c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 00:37        1126912        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 00:37        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-08-25 16:20 . 2011-10-12 22:26        735744        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-12 22:26        332288        ----a-w-        c:\windows\system32\oleacc.dll
2011-08-25 16:19 . 2011-10-12 22:26        847360        ----a-w-        c:\windows\system32\oleaut32.dll
2011-08-25 16:15 . 2011-10-12 22:26        555520        ----a-w-        c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 22:26        238080        ----a-w-        c:\windows\SysWow64\oleacc.dll
2011-08-25 16:14 . 2011-10-12 22:26        563712        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2011-08-25 13:54 . 2011-10-12 22:26        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-12 22:26        4096        ----a-w-        c:\windows\SysWow64\oleaccrc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 294912]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Asushwio;Asushwio;g:\bin\64bit\Asushwio.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\13bhh6jg.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1309527418-831813176-3672789862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2*6*ÜuA7\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1309527418-831813176-3672789862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2*6*’åZ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1309527418-831813176-3672789862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*tN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-20  15:14:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-20 14:14
.
Vor Suchlauf: 4.712.161.280 Bytes frei
Nach Suchlauf: 3.850.792.960 Bytes frei
.
- - End Of File - - 34E1012B76711716986456F76F0AF397

--- --- ---

cosinus 20.11.2011 15:41

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users start aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not under any circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

Ben89 22.11.2011 00:32

Hello, the program causes a blue screen when I click "Scan".
The message says "Driver IRQL Less or Equal"; the blue screen only stays briefly, then it reboots.

cosinus 22.11.2011 08:54

Please try again. If you get another blue screen, try aswMBR in Safe Mode.

Ben89 22.11.2011 22:51

Hello Arne, I also tried it twice in Safe Mode, with the same result: blue screen.
Have the logs so far shown any signs that my PC is still infected?

cosinus 22.11.2011 23:23

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt file

Ben89 23.11.2011 18:07

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 142):
0x01E05000 \SystemRoot\system32\ntoskrnl.exe
0x0231D000 \SystemRoot\system32\hal.dll
0x0060D000 \SystemRoot\system32\kdcom.dll
0x00617000 \SystemRoot\system32\PSHED.dll
0x0062B000 \SystemRoot\system32\CLFS.SYS
0x00688000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F1000 \SystemRoot\system32\drivers\acpi.sys
0x00947000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00950000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095A000 \SystemRoot\system32\drivers\pci.sys
0x0098A000 \SystemRoot\System32\drivers\partmgr.sys
0x0099F000 \SystemRoot\system32\drivers\volmgr.sys
0x0073A000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B3000 \SystemRoot\system32\drivers\pciide.sys
0x009BA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009CA000 \SystemRoot\System32\drivers\mountmgr.sys
0x009DD000 \SystemRoot\system32\drivers\pavboot64.sys
0x009E8000 \SystemRoot\system32\drivers\atapi.sys
0x007A0000 \SystemRoot\system32\drivers\ataport.SYS
0x00A01000 \SystemRoot\system32\drivers\fltmgr.sys
0x00A48000 \SystemRoot\system32\drivers\fileinfo.sys
0x00A5C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C02000 \SystemRoot\system32\drivers\ndis.sys
0x00AE3000 \SystemRoot\system32\drivers\msrpc.sys
0x00B33000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E03000 \SystemRoot\System32\drivers\tcpip.sys
0x00F78000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0100C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118C000 \SystemRoot\system32\drivers\volsnap.sys
0x011D0000 \SystemRoot\System32\Drivers\spldr.sys
0x011D8000 \SystemRoot\System32\Drivers\mup.sys
0x0120B000 \SystemRoot\system32\DRIVERS\kl1.sys
0x0196A000 \SystemRoot\System32\drivers\ecache.sys
0x01996000 \SystemRoot\system32\drivers\disk.sys
0x019AA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x019D6000 \SystemRoot\system32\drivers\crcdisk.sys
0x011EA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x011F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00FA4000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x01000000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x00FB8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x00DC5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02C00000 \SystemRoot\system32\drivers\RTKVAC64.SYS
0x02F53000 \SystemRoot\system32\drivers\portcls.sys
0x02F8E000 \SystemRoot\system32\drivers\drmk.sys
0x02FB1000 \SystemRoot\system32\drivers\ks.sys
0x02FE5000 \SystemRoot\system32\drivers\ksthunk.sys
0x00DD6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02FEB000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x00B8C000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02809000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x0300F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03CA1000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03CA3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03D86000 \SystemRoot\System32\drivers\watchdog.sys
0x03D96000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x03D9E000 \SystemRoot\system32\DRIVERS\serial.sys
0x03DBB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03DC7000 \SystemRoot\system32\DRIVERS\parport.sys
0x03DE3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0286E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x028A7000 \SystemRoot\system32\DRIVERS\storport.sys
0x02904000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02911000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02934000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02940000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02971000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02981000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0299F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03E0C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x03EA6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03EB9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03EC5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03EC7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03ED2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03EE2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03F2A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03F3E000 \SystemRoot\system32\DRIVERS\klif.sys
0x03FE1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03FEB000 \SystemRoot\System32\Drivers\Null.SYS
0x029B7000 \SystemRoot\System32\drivers\vga.sys
0x029C5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03FF4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03E00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x029EA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00B9C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x029F5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x00BAD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03DF9000 \SystemRoot\system32\DRIVERS\kl2.sys
0x00BCA000 \SystemRoot\system32\DRIVERS\smb.sys
0x0400A000 \SystemRoot\system32\drivers\afd.sys
0x04075000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040B9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x040D7000 \SystemRoot\system32\DRIVERS\klim6.sys
0x040E0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x040EF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0410A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x04114000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x0411E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0416B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04177000 \SystemRoot\system32\drivers\csc.sys
0x007C4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x041ED000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x007E0000 \SystemRoot\System32\Drivers\dfsc.sys
0x00BE5000 \SystemRoot\system32\drivers\usbaudio.sys
0x041EF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04209000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0421B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04223000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0422E000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x04238000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x04254000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04262000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0426E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x04276000 \SystemRoot\System32\drivers\Dxapi.sys
0x04282000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x006E0000 \SystemRoot\System32\cdd.dll
0x04295000 \SystemRoot\system32\drivers\luafv.sys
0x042C0000 \SystemRoot\system32\drivers\spsys.sys
0x0435A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0436E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0760F000 \SystemRoot\system32\drivers\HTTP.sys
0x076B2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x076DB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x076F9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07713000 \SystemRoot\system32\drivers\mrxdav.sys
0x0773A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07763000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x077AC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x077CB000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07A0F000 \SystemRoot\System32\DRIVERS\srv.sys
0x07AA2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x07AAD000 \SystemRoot\system32\drivers\peauth.sys
0x07B63000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07B6E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x776F0000 \Windows\System32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
544 csrss.exe
588 C:\Windows\System32\wininit.exe
612 csrss.exe
644 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
772 C:\Windows\System32\winlogon.exe
840 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\nvvsvc.exe
916 C:\Windows\System32\svchost.exe
268 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\svchost.exe
488 C:\Windows\System32\svchost.exe
600 C:\Windows\System32\audiodg.exe
988 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\SLsvc.exe
1088 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\nvvsvc.exe
1268 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\spoolsv.exe
1504 C:\Windows\System32\svchost.exe
1876 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1900 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
1960 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2012 C:\Windows\SysWOW64\lkcitdl.exe
1564 C:\Windows\SysWOW64\lkads.exe
1216 C:\Windows\SysWOW64\lktsrv.exe
1708 C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
1860 C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
908 C:\Windows\SysWOW64\nisvcloc.exe
2024 C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
2280 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2336 C:\Windows\System32\svchost.exe
2388 C:\Windows\System32\svchost.exe
2440 C:\Windows\System32\svchost.exe
2576 C:\Windows\System32\SearchIndexer.exe
4020 C:\Windows\System32\taskeng.exe
3196 C:\Windows\System32\dwm.exe
3320 C:\Windows\explorer.exe
3068 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2980 C:\Windows\SOUNDMAN.EXE
3608 C:\Program Files\Windows Sidebar\sidebar.exe
3640 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3292 C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
1232 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
3464 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3924 C:\Windows\System32\taskeng.exe
3680 C:\Windows\System32\svchost.exe
4540 C:\Windows\SysWOW64\conime.exe
5856 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
6092 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtblfs.exe
5112 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5332 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1212 taskeng.exe
5124 C:\Users\XXXX\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05
PhysicalDrive1 Model Number: WDCWD1200JB-00EVA0, Rev: 15.05R15

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
111 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus 23.11.2011 19:19

Quote:

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Hm, a Vista x64 is installed, but an XP MBR is detected. Was XP ever installed on this computer or on this disk?
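
MBRCheck's one-line verdict above ("Windows XP MBR code detected" plus a SHA1) amounts to hashing the bootstrap code in sector 0 and looking that hash up in a table of known loaders, and the "\\.\C: --> \\.\PhysicalDrive0 at offset 0x...7e00" lines come from reading the partition table in the same sector. The Python below is an added example, not code from this thread or from MBRCheck/aswMBR, that does the same on constructed sample sectors. Assumptions: the hash covers only the first 440 bytes (bootstrap code, excluding the per-disk signature and partition table), the loader bytes and the "known-good" table are made up for illustration, and the sector-63 versus sector-2048 alignment heuristic is mine, not the tool's.

```python
"""Added example, not code from the Trojaner-Board thread or from MBRCheck/aswMBR:
parse a 512-byte MBR sector, hash its bootstrap code the way an MBR-rootkit
checker compares it against a table of known-good loaders, and list the
partition table. All sample sectors below are constructed, not real disk data."""
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440           # assumption: hash bytes 0..439 (bootstrap code only); the
                         # disk signature at 440 and the partition table at 446 vary
                         # per disk, so they must not feed the hash
PT_OFFSET = 446
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIG = b"\x55\xaa"


def build_sample_mbr(code: bytes, start_lba: int, size_sectors: int) -> bytes:
    """Construct a synthetic MBR with one bootable NTFS (0x07) partition."""
    code = code.ljust(CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        start_lba, size_sectors)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


def read_mbr(path: str) -> bytes:
    r"""Read sector 0 of a raw device or image (e.g. r"\\.\PhysicalDrive0" on
    Windows, which needs an elevated prompt, or a disk image file)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Return boot-signature validity, disk signature and the non-empty partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "byte_offset": lba * SECTOR_SIZE,   # what MBRCheck prints as "at offset"
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def mbr_code_hash(sector: bytes) -> str:
    """SHA1 of the bootstrap code area, upper-case hex like MBRCheck's output."""
    return hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper()


def alignment_hint(start_lba: int) -> str:
    """Heuristic (assumption): sector 63 is the CHS-style start older Windows
    setups used; Vista and later align the first partition at 1 MiB (sector 2048)."""
    if start_lba == 63:
        return "legacy CHS alignment (sector 63)"
    if start_lba % 2048 == 0:
        return "1 MiB alignment"
    return "unusual start sector"


def classify(sector: bytes, known_good: dict) -> str:
    """'invalid' without a 55AA signature, else the label from the known-good
    table, or 'unknown' when the bootstrap code matches nothing we trust."""
    if not parse_mbr(sector)["signature_ok"]:
        return "invalid"
    return known_good.get(mbr_code_hash(sector), "unknown")


# Constructed samples. The code bytes are only the common 'xor ax,ax / mov ss,ax /
# mov sp,7C00h' prologue padded with zeros, not a real Windows loader.
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
CLEAN_MBR = build_sample_mbr(CLEAN_CODE, start_lba=63, size_sectors=156_296_322)
# A bootkit typically patches the loader so its own code runs first; prepending a
# short jump to the prologue simulates such a modification.
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3e" + CLEAN_CODE, start_lba=63, size_sectors=156_296_322)
KNOWN_GOOD = {mbr_code_hash(CLEAN_MBR): "constructed baseline loader"}


def report(sector: bytes) -> list:
    """Human-readable lines for one sector, in the spirit of MBRCheck's summary."""
    info = parse_mbr(sector)
    lines = [f"signature ok: {info['signature_ok']}",
             f"code SHA1: {mbr_code_hash(sector)}  -> {classify(sector, KNOWN_GOOD)}"]
    for p in info["partitions"]:
        lines.append(f"  part {p['index']}: type 0x{p['type']:02x} start LBA {p['start_lba']} "
                     f"(offset 0x{p['byte_offset']:x}), {alignment_hint(p['start_lba'])}")
    return lines


if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name)
        print("\n".join(report(sec)))
```

On a real machine you would pass `read_mbr(r"\\.\PhysicalDrive0")` (from an elevated prompt) to `report()` and replace `KNOWN_GOOD` with hashes you trust; the point of the example is that a changed loader shows up as a hash that matches nothing known, which is exactly the kind of mismatch between the installed OS and the detected MBR code that the helper is querying here.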

Ben89 24.11.2011 14:53

The computer is a bit older now and has been formatted several times; I also had to replace a disk that had died. To answer the question: yes, I had other versions of Windows on it before, including XP, but directly before that it was Win7, which didn't run properly.

If it helps, I had also once received error messages at boot that the master boot sectors were damaged, or NTLDR missing, but I didn't think anything more of it because the problem solved itself on the second attempt to boot the PC.

cosinus 24.11.2011 15:32

We should fix the MBR manually. Back up all important data just in case.

Do you have any other operating systems installed besides Vista?
If not: have a look here => Vista Notfall/Recovery-CD 64-Bit - Dr. Windows

Download the ISO, burn it to a CD e.g. with ImgBurn using the image-burning function and boot the computer from that CD.

If you have a regular Vista installation DVD, you don't need the image mentioned above; you can simply boot from that DVD.

Click Computer repair options (Computerreparaturoptionen), Next, Command Prompt; the console opens. There type bootrec.exe /fixboot (confirm with Enter), then bootrec.exe /fixmbr (confirm with Enter); restart the computer, removing the CD first. In normal Windows mode, run MBRCheck or aswMBR (whichever tool I gave you earlier) and post the new log.

Note: there is a space between bootrec.exe and /fixmbr or /fixboot!

Ben89 25.11.2011 20:25

Worked without any problems, here is the new log.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 141):

Processes (total 57):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
544 csrss.exe
596 C:\Windows\System32\wininit.exe
608 csrss.exe
644 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\winlogon.exe
852 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\nvvsvc.exe
928 C:\Windows\System32\svchost.exe
280 C:\Windows\System32\svchost.exe
272 C:\Windows\System32\svchost.exe
504 C:\Windows\System32\svchost.exe
288 C:\Windows\System32\audiodg.exe
1028 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\SLsvc.exe
1100 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\nvvsvc.exe
1540 C:\Windows\System32\spoolsv.exe
1568 C:\Windows\System32\svchost.exe
1920 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1956 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
1996 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
1684 C:\Windows\SysWOW64\lkcitdl.exe
1812 C:\Windows\SysWOW64\lkads.exe
1400 C:\Windows\SysWOW64\lktsrv.exe
1884 C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
716 C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
2060 C:\Windows\SysWOW64\nisvcloc.exe
2156 C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
2256 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2320 C:\Windows\System32\svchost.exe
2396 C:\Windows\System32\svchost.exe
2480 C:\Windows\System32\svchost.exe
2524 C:\Windows\System32\SearchIndexer.exe
2948 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\wmi64.exe
3368 C:\Windows\System32\taskeng.exe
3432 C:\Windows\System32\dwm.exe
3504 C:\Windows\explorer.exe
3968 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
4028 C:\Windows\SOUNDMAN.EXE
3624 C:\Program Files\Windows Sidebar\sidebar.exe
3680 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3856 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
3992 C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
3356 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
3716 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1456 C:\Windows\System32\taskeng.exe
3288 C:\Windows\System32\SearchProtocolHost.exe
3596 C:\Windows\System32\SearchFilterHost.exe
2476 C:\Windows\System32\SearchProtocolHost.exe
2148 C:\Users\XXXX\Desktop\MBRCheck.exe
3880 C:\Windows\SysWOW64\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05
PhysicalDrive1 Model Number: WDCWD1200JB-00EVA0, Rev: 15.05R15

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
111 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!
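An added example, not from this thread and not MBRCheck's own code, of the check behind the "MBR Status" lines above: read a raw 512-byte MBR, hash its bootstrap code, and compare hash and partition table against a baseline recorded from a known-clean disk, so that a rewritten boot sector is caught even when no scanner flags it. The sample sectors are constructed inline; the partition starts at LBA 63, which is why its byte offset comes out as 0x7e00 like the C: volume in the log. That MBRCheck's SHA1 covers exactly the first 440 bytes is an assumption.

```python
"""Parse a raw MBR sector and audit it against a clean baseline (added example)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bootstrap code precedes the 4-byte disk signature at 440
PART_TABLE_OFF = 446         # four 16-byte partition entries at 446..509
MBR_SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510..511
NTFS_TYPE = 0x07


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries and signature flag."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            # MBRCheck reports the volume start as a byte offset: LBA * 512
            "byte_offset": lba_start * SECTOR,
            "sectors": sectors,
        })
    return {
        # assumption: MBRCheck's SHA1 covers the bootstrap code, here bytes 0..439
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "partitions": partitions,
    }


def audit_mbr(current: bytes, baseline: bytes) -> list:
    """Return human-readable findings where `current` deviates from a known-clean baseline.

    A legitimate repair (bootrec /fixmbr) rewrites the boot code but leaves the
    partition table alone, so the two are reported separately.
    """
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if cur["boot_code_sha1"] != base["boot_code_sha1"]:
        findings.append("boot code changed: SHA1 %s (baseline %s)"
                        % (cur["boot_code_sha1"], base["boot_code_sha1"]))
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a test MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    sector[:min(len(boot_code), BOOT_CODE_LEN)] = boot_code[:BOOT_CODE_LEN]
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off:off + 16] = struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                                           b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                                           lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Constructed sample data: a stand-in boot loader and one NTFS partition starting
# at LBA 63, the classic pre-Vista alignment (63 * 512 = 0x7E00, as in the log above).
CLEAN_BOOT_CODE = bytes(range(256)) * 2
BASELINE_MBR = build_mbr(CLEAN_BOOT_CODE, [(True, NTFS_TYPE, 63, 156_301_425)])
# Constructed tampering: first 16 bytes of the bootstrap code overwritten.
TAMPERED_MBR = b"\x90" * 16 + BASELINE_MBR[16:]
# Constructed damage: boot signature zeroed, the kind of sector that fails to boot.
UNSIGNED_MBR = BASELINE_MBR[:510] + b"\x00\x00"

if __name__ == "__main__":
    for name, sector in (("baseline", BASELINE_MBR), ("tampered", TAMPERED_MBR),
                         ("unsigned", UNSIGNED_MBR)):
        print(name, audit_mbr(sector, BASELINE_MBR) or ["no findings"])
```

On a real system the 512 bytes would come from reading \\.\PhysicalDrive0 with administrator rights, and the baseline hash from the same disk in a known-clean state.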

cosinus 26.11.2011 13:40

OK, the MBR seems to be Vista-compatible again. Try aswMBR once more:

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow Internet access.) Depending on your connection, downloading the definitions can take a while.
  • Click on Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click on Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

Ben89 26.11.2011 17:23

Tried it again, once in Safe Mode as well; it still leads to a blue screen...

cosinus 27.11.2011 00:56

Then it simply won't. That happens sometimes.
As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Afterwards, getting an additional opinion from the ESET Online Scanner is not a bad idea either:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click on Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click on Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click on Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Ben89 28.11.2011 23:55

Here are the logs; so it looks as if my PC is safe?

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4dd7aef404e8e541bd3b3ae1e2286234
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 10:08:15
# local_time=2011-11-17 11:08:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 269447 269447 0 0
# compatibility_mode=5892 16776638 100 56 21721341 159084072 0 0
# compatibility_mode=8192 67108863 100 0 4150 4150 0 0
# scanned=233798
# found=0
# cleaned=0
# scan_time=7646
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4dd7aef404e8e541bd3b3ae1e2286234
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-28 10:34:25
# local_time=2011-11-28 11:34:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 1219882 1219882 0 0
# compatibility_mode=5892 16776638 100 56 22671776 160034507 0 0
# compatibility_mode=8192 67108863 100 0 954585 954585 0 0
# scanned=225088
# found=0
# cleaned=0
# scan_time=9181

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8252

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27.11.2011 21:20:27
mbam-log-2011-11-27 (21-20-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 382712
Laufzeit: 1 Stunde(n), 40 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 29.11.2011 10:15

What about the last scan with SUPERAntiSpyware?

Ben89 30.11.2011 18:13

Sorry, I had forgotten to post that. Should the cookies be removed?

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/28/2011 at 02:00 AM

Application Version : 5.0.1136

Core Rules Database Version : 7988
Trace Rules Database Version: 5800

Scan type : Complete Scan
Total Scan Time : 03:02:28

Operating System Information
Windows Vista Business 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 497
Memory threats detected : 0
Registry items scanned : 70558
Registry threats detected : 0
File items scanned : 223443
File threats detected : 66

Adware.Tracking Cookie

cosinus 30.11.2011 21:47

Yes, the cookies can go, but they are harmless.
Is the computer more or less back in order?

Ben89 30.11.2011 23:29

Yes, as far as I can judge it is; that was my original question after all, whether everything is really okay after I got rid of the lock screen.

So if everything is fine now, I'll already say thank you for the support and for evaluating all the logs!!
Much more pleasant to run a few scans than to format C: and reinstall everything :)

cosinus 01.12.2011 10:31

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first.

Finally, please check your updates; my guide on that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible now that the infection has been removed.

Microsoft Update

Windows XP: visit the MS update page with IE and have all important updates installed.

Windows Vista/7: guide to Windows Update

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Ben89 01.12.2011 21:05

Okay, thanks for the tips, I will take all of it into account.


All times are in WEZ +1. It is now 22:26.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.
