Trojaner-Board - PC verhält sich komisch - Informationen dringen nach außen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - PC verhält sich komisch - Informationen dringen nach außen (https://www.trojaner-board.de/105189-pc-verhaelt-komisch-informationen-dringen-aussen.html)

PC verhält sich komisch - Informationen dringen nach außen

Hallo, ich habe folgendes Problem.

Ich habe seit einiger Zeit den Verdacht, dass jemand auf meinem PC herumgeistert, sich Informationen verschafft (werde ab und zu auf etwas angesprochen, was zB bei Facebook im Chat geschrieben wurde oder in geschlossenen Gruppen, zu denen die von mir verdächtigten Personen keinen Zugang haben) und auch manipuliert (zB muss ich manchmal drei mal mit der Maus klicken bevor etwas passiert). Es ist ein Verdacht aber ich hätte es gern bestätigt. :kloppen:
Ich tausche gelegentlich Dateien und Ordner über USB-Sticks aus, vielleicht kommt es daher.

Was ich bisher getan habe:
Scans mit Antivir (Mbr-Scan), mit MBAM, mit Port Scan & Stuff 1.21 und mit OTL.
Ich habe außerdem bei Facebook eingestellt, dass ich eine Email mit der IP-Addresse des Anschlusses bekomme, welcher sich in mein Konto einloggt, wobei ich nichts feststellen konnte.

Der Port-Scan hat ergeben, dass die Ports 135, 139 und weitere fünf im Bereich 491xx geöffnet sind.

Ich habe mich vorher hier in diesem Forum, in http://www.trojaner-board.de/100806-...meinen-pc.html diesem Thread informiert, wo scheinbar ein ähnliches Problem bestand.
Daher habe ich die diesem User empfohlenen Kommandozeilen für meinen OTL-Scan benutz, jedoch ohne den Bereich /md5start bis /md5stop.
Nachträglich habe ich die Empfehlung für Threadstarter gelesen und den Scan nochmal mit den dort vorgeschlagenen Kommandos ausgeführt.

Ich werde mal beide OTL-Scans anfügen.
Bei dem zweite Suchlauf wurde keine Extras.txt-Datei erstellt, daher ist nur die eine dabei.

Ich hoffe, dass ich endlich gewissheit bekomme :)

Zitat:

c:programdataMPK (Refog.Keylogger)

Den Keylogger hast du installiert? :pfeiff:
Ein Keylogger zeichnet jeden Tastenanschlag der Tastatur auf und übermittelt die gespeicherten Daten seinem Herrn - und schon mal man die wahrscheinslichste Ursache für dein Problem gefunden.

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Den Refog hab ich tatsächlich selbst mal installiert, dachte ich hätte alles gelöscht :balla:

MBAM Suche läuft

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6847c2ea6108294bbc4ee72d60710921

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-11-18 07:22:18

# local_time=2011-11-18 08:22:18 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777215 100 0 2808165 2808165 0 0

# compatibility_mode=5893 16776574 66 85 15236618 73266318 0 0

# compatibility_mode=8192 67108863 100 0 3807 3807 0 0

# scanned=214145

# found=4

# cleaned=0

# scan_time=7670

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

C:\Users\sepp\Desktop\Installs\Starter Tools\unlocker1.8.9.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

D:\installs\HSS-1.57-install-anchorfree-76-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

D:\installs\HSS-1.57-install-sjcairport-156-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

Den "unlocker1.8.9.exe" hab ich noch aus XP Zeiten, damit lassen sich alle Arten von Dateien löschen. Quelle: Web.

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8189
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

18.11.2011 18:07:43

mbam-log-2011-11-18 (18-07-43).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|M:\|)

Durchsuchte Objekte: 388957

Laufzeit: 1 Stunde(n), 6 Minute(n), 0 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Leider nicht, hab das erst gestern installiert. Höchstens die "Protection Logs" aber ich glaube kaum dass du die meinst

Code:

22:37:34        sepp        MESSAGE        Protection started successfully

22:37:38        sepp        MESSAGE        IP Protection started successfully

22:44:45        sepp        MESSAGE        Protection started successfully

22:44:49        sepp        MESSAGE        IP Protection started successfully

23:37:54        sepp        MESSAGE        Protection started successfully

23:37:58        sepp        MESSAGE        IP Protection started successfully

Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 20.11.2011 18:58:48 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\sepp\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,60% Memory free

8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 68,26 Gb Total Space | 17,96 Gb Free Space | 26,31% Space Free | Partition Type: NTFS

Drive D: | 80,68 Gb Total Space | 7,98 Gb Free Space | 9,89% Space Free | Partition Type: NTFS

Drive F: | 156,25 Gb Total Space | 153,94 Gb Free Space | 98,52% Space Free | Partition Type: NTFS

 

Computer Name: SEPP-PC | User Name: sepp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.11.17 22:38:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\sepp\Desktop\OTL.exe

PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.01.26 23:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011.01.26 18:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2010.06.17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008.11.03 13:34:54 | 000,008,192 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Aladdin\eToken\PKIClient\x64\eTSrv.exe -- (eTSrv)

SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.03.25 02:14:52 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)

SRV - [2011.03.25 02:13:06 | 000,271,408 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)

SRV - [2011.01.05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)

SRV - [2010.10.15 19:42:14 | 000,326,704 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.01.27 00:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.01.26 23:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010.12.17 08:57:30 | 000,024,064 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010.09.22 20:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)

DRV:64bit: - [2010.09.22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2010.07.22 04:33:22 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)

DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.04.29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV:64bit: - [2008.07.30 11:45:40 | 000,062,632 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksifdh.sys -- (AKSIFDH)

DRV:64bit: - [2008.07.30 11:45:40 | 000,044,712 | ---- | M] (Aladdin Knowledge Systems, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksup.sys -- (AKSUP)

DRV:64bit: - [2008.01.02 12:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://google.de"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.03 22:25:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.17 22:33:46 | 000,000,000 | ---D | M]

 

[2011.03.12 14:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sepp\AppData\Roaming\mozilla\Extensions

[2011.11.20 17:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sepp\AppData\Roaming\mozilla\Firefox\Profiles\btw9bln4.default\extensions

[2011.11.10 16:13:37 | 000,000,000 | ---D | M] (DownloadHelper) --  -- C:\Users\sepp\AppData\Roaming\mozilla\Firefox\Profiles\btw9bln4.default\extensions\battlefieldheroespatcher@ea.com

[2011.11.20 17:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sepp\AppData\Roaming\mozilla\Firefox\Profiles\btw9bln4.default\extensions\staged

[2011.05.09 20:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.03.31 22:23:06 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011.05.09 20:23:08 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com

() (No name found) -- C:\USERS\SEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BTW9BLN4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\USERS\SEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BTW9BLN4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\SEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BTW9BLN4.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI

() (No name found) -- C:\USERS\SEPP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BTW9BLN4.DEFAULT\EXTENSIONS\YOUTUBEQUALITY@RZLL.XPI

[2011.10.03 22:25:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

[2011.10.03 22:25:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.03 22:25:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.10.03 22:25:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.03 22:25:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.03 22:25:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.03 22:25:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.10.13 13:37:30 | 000,612,606 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1  localhost

O1 - Hosts: ::1  localhost #[IPv6]

O1 - Hosts: 127.0.0.1  fr.a2dfp.net

O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1  ad.a8.net

O1 - Hosts: 127.0.0.1  asy.a8ww.net

O1 - Hosts: 127.0.0.1  abcstats.com

O1 - Hosts: 127.0.0.1  a.abv.bg

O1 - Hosts: 127.0.0.1  adserver.abv.bg

O1 - Hosts: 127.0.0.1  adv.abv.bg

O1 - Hosts: 127.0.0.1  bimg.abv.bg

O1 - Hosts: 127.0.0.1  ca.abv.bg

O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1  accuserveadsystem.com

O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1  achmedia.com

O1 - Hosts: 127.0.0.1  aconti.net

O1 - Hosts: 127.0.0.1  secure.aconti.net

O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1  am1.activemeter.com

O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1  ads.activepower.net

O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1  ad2games.com

O1 - Hosts: 16290 more lines...

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7982757-D84A-4F7D-A85D-63EA3849FDC2}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) -  File not found

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.01.13 23:21:11 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\Shell - "" = AutoRun

O33 - MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\Shell\AutoRun\command - "" = K:\SETUP.EXE

O33 - MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\Shell\configure\command - "" = K:\SETUP.EXE

O33 - MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\Shell\install\command - "" = K:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk -  - File not found

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: DriverScanner - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: eTMonitor - hkey= - key= - C:\Program Files\Aladdin\eToken\PKIClient\x64\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)

MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.20 00:02:21 | 000,000,000 | ---D | C] -- C:\Users\sepp\Desktop\Neuer Ordner

[2011.11.19 23:10:33 | 000,000,000 | ---D | C] -- C:\Users\sepp\AppData\Local\Solid State Networks

[2011.11.19 17:04:57 | 000,000,000 | ---D | C] -- C:\Users\sepp\Desktop\PLAYLIST

[2011.11.18 18:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011.11.18 00:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2011.11.18 00:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2011.11.17 23:33:29 | 000,000,000 | ---D | C] -- C:\Users\sepp\Desktop\logs

[2011.11.17 22:38:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\sepp\Desktop\OTL.exe

[2011.11.17 22:37:11 | 000,000,000 | ---D | C] -- C:\Users\sepp\AppData\Roaming\Malwarebytes

[2011.11.17 22:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.11.17 22:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.11.17 22:37:03 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.11.17 22:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.11.17 22:32:55 | 000,000,000 | ---D | C] -- C:\Users\sepp\AppData\Roaming\SumatraPDF

[2011.11.17 22:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SumatraPDF

[2011.11.17 21:03:59 | 000,504,080 | ---- | C] (CompSoft) -- C:\Users\sepp\Desktop\PortScan.exe

[2011.11.17 21:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner

[2011.11.17 21:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Port Scanner

[2011.11.11 19:52:11 | 000,000,000 | ---D | C] -- C:\Users\sepp\AppData\Local\ElevatedDiagnostics

[2011.11.10 16:29:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2011.11.10 16:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems

[2011.11.10 16:07:07 | 000,000,000 | ---D | C] -- C:\Users\sepp\AppData\Roaming\FastSum

[2011.11.10 16:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastSum

[2011.11.10 16:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastSum

[2011.11.08 08:50:13 | 000,000,000 | ---D | C] -- C:\Users\sepp\Desktop\Neuer Ordner (2)

[2011.11.04 18:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue

[2011.11.04 18:19:59 | 000,000,000 | ---D | C] -- C:\Users\sepp\AppData\Roaming\Canneverbe Limited

[2011.11.04 18:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited

[2011.11.04 18:19:38 | 000,000,000 | ---D | C] -- C:\Users\sepp\AppData\Roaming\OpenCandy

[2011.11.04 18:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP

[2011.10.27 22:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frets on Fire

[2011.10.27 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Frets on Fire

[1 C:\Users\sepp\Desktop\*.tmp files -> C:\Users\sepp\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.20 18:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.20 18:57:40 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.20 14:02:25 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.20 14:02:25 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.20 14:01:19 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.11.20 14:01:19 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.11.20 14:01:19 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.11.20 14:01:19 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.11.20 14:01:19 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.11.19 23:30:23 | 000,001,143 | ---- | M] () -- C:\Users\sepp\Desktop\ScanResult.xml

[2011.11.19 21:20:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011.11.18 00:36:55 | 000,150,214 | ---- | M] () -- C:\Users\sepp\hosts.zip

[2011.11.17 23:34:34 | 000,000,020 | ---- | M] () -- C:\Users\sepp\defogger_reenable

[2011.11.17 22:38:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\sepp\Desktop\OTL.exe

[2011.11.17 22:37:07 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.17 21:17:30 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF

[2011.11.17 17:43:20 | 000,458,752 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2011.11.16 13:48:24 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF

[2011.11.09 14:21:47 | 000,425,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Users\sepp\Desktop\*.tmp files -> C:\Users\sepp\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.11.19 21:20:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2011.11.18 00:41:21 | 000,612,606 | ---- | C] () -- C:\Users\sepp\HOSTS

[2011.11.18 00:41:21 | 000,001,611 | ---- | C] () -- C:\Users\sepp\mvps.bat

[2011.11.18 00:36:55 | 000,150,214 | ---- | C] () -- C:\Users\sepp\hosts.zip

[2011.11.17 23:34:33 | 000,000,020 | ---- | C] () -- C:\Users\sepp\defogger_reenable

[2011.11.17 22:37:07 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.17 22:32:53 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk

[2011.11.16 14:09:42 | 000,458,752 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl

[2011.11.14 21:24:52 | 001,329,085 | ---- | C] () -- C:\Users\sepp\Desktop\Elektronik-Versuch-5-Transistor.pdf

[2011.11.10 16:30:18 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF

[2011.11.10 16:09:06 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF

[2011.11.04 18:19:40 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

[2011.06.28 21:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat

[2011.03.31 22:25:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.03.12 13:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010.12.21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.03.12 17:50:49 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Adobe

[2011.07.06 19:56:50 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Amazon

[2011.03.29 23:22:29 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Ashampoo

[2011.03.12 14:00:52 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\ATI

[2011.10.17 06:12:10 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Avira

[2011.11.08 08:30:58 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\BitTorrent

[2011.11.04 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Canneverbe Limited

[2011.03.12 14:07:01 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\DAEMON Tools Lite

[2011.07.25 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\DVDVideoSoft

[2011.03.13 14:01:25 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.24 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\elsterformular

[2011.11.10 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\FastSum

[2011.06.15 22:17:31 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\gtk-2.0

[2011.05.15 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\ICQ

[2011.03.12 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Identities

[2011.09.07 10:06:02 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\InstallShield Installation Information

[2011.03.12 14:35:09 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Macromedia

[2011.11.17 22:37:11 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Media Center Programs

[2011.11.04 18:30:11 | 000,000,000 | --SD | M] -- C:\Users\sepp\AppData\Roaming\Microsoft

[2011.03.12 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Mozilla

[2011.11.04 18:19:41 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\OpenCandy

[2011.09.10 14:34:44 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\Skype

[2011.09.10 07:34:04 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\skypePM

[2011.11.19 23:47:23 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\SumatraPDF

[2011.06.27 20:44:54 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\vlc

[2011.03.16 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\sepp\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.09.07 09:30:34 | 000,331,776 | ---- | M] () -- C:\Users\sepp\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe

[2011.08.01 17:32:56 | 005,845,544 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\sepp\AppData\Roaming\OpenCandy\D5E09A488D3A412B9D4587A40FA27EC9\ds_DeDnCD_driverscanner.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Ich habe gestern eine neue Hosts Datei installiert, daher die Veränderung ebendieser.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.01.13 23:21:11 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\Shell - "" = AutoRun

O33 - MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\Shell\AutoRun\command - "" = K:\SETUP.EXE

O33 - MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\Shell\configure\command - "" = K:\SETUP.EXE

O33 - MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\Shell\install\command - "" = K:\SETUP.EXE

:Commands

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

F:\AUTOEXEC.BAT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94284b85-4ca8-11e0-af99-90fba688f7e3}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94284b85-4ca8-11e0-af99-90fba688f7e3}\ not found.

File K:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94284b85-4ca8-11e0-af99-90fba688f7e3}\ not found.

File K:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94284b85-4ca8-11e0-af99-90fba688f7e3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94284b85-4ca8-11e0-af99-90fba688f7e3}\ not found.

File K:\SETUP.EXE not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Gastkonto

->Temp folder emptied: 33701 bytes

->Temporary Internet Files folder emptied: 268294 bytes

->FireFox cache emptied: 7058664 bytes

 

User: Public

 

User: sepp

->Temp folder emptied: 1202726 bytes

->Temporary Internet Files folder emptied: 127741686 bytes

->FireFox cache emptied: 43413547 bytes

->Flash cache emptied: 1380 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 96688172 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 264,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 11212011_155545
 

Files\Folders moved on Reboot...

C:\Users\sepp\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

16:20:23.0363 0228        TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50

16:20:23.0535 0228        ============================================================

16:20:23.0535 0228        Current date / time: 2011/11/21 16:20:23.0535

16:20:23.0535 0228        SystemInfo:

16:20:23.0535 0228        

16:20:23.0535 0228        OS Version: 6.1.7601 ServicePack: 1.0

16:20:23.0535 0228        Product type: Workstation

16:20:23.0535 0228        ComputerName: SEPP-PC

16:20:23.0535 0228        UserName: sepp

16:20:23.0535 0228        Windows directory: C:\Windows

16:20:23.0535 0228        System windows directory: C:\Windows

16:20:23.0535 0228        Running under WOW64

16:20:23.0535 0228        Processor architecture: Intel x64

16:20:23.0535 0228        Number of processors: 6

16:20:23.0535 0228        Page size: 0x1000

16:20:23.0535 0228        Boot type: Normal boot

16:20:23.0535 0228        ============================================================

16:20:24.0409 0228        Initialize success

16:20:31.0585 2528        ============================================================

16:20:31.0585 2528        Scan started

16:20:31.0585 2528        Mode: Manual; SigCheck; TDLFS; 

16:20:31.0585 2528        ============================================================

16:20:32.0255 2528        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

16:20:32.0380 2528        1394ohci - ok

16:20:32.0411 2528        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

16:20:32.0427 2528        ACPI - ok

16:20:32.0474 2528        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

16:20:32.0536 2528        AcpiPmi - ok

16:20:32.0583 2528        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

16:20:32.0645 2528        adp94xx - ok

16:20:32.0677 2528        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

16:20:32.0723 2528        adpahci - ok

16:20:32.0739 2528        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

16:20:32.0755 2528        adpu320 - ok

16:20:32.0833 2528        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

16:20:32.0942 2528        AFD - ok

16:20:32.0989 2528        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

16:20:33.0035 2528        agp440 - ok

16:20:33.0082 2528        AKSIFDH         (3392a62bd8c2232c87b94c330afa91b1) C:\Windows\system32\DRIVERS\aksifdh.sys

16:20:33.0113 2528        AKSIFDH - ok

16:20:33.0160 2528        AKSUP           (ed56724b39d1b965d64b9ef50fafd3bd) C:\Windows\system32\drivers\aksup.sys

16:20:33.0191 2528        AKSUP - ok

16:20:33.0223 2528        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

16:20:33.0238 2528        aliide - ok

16:20:33.0301 2528        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

16:20:33.0332 2528        amdide - ok

16:20:33.0379 2528        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

16:20:33.0410 2528        amdiox64 - ok

16:20:33.0457 2528        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

16:20:33.0519 2528        AmdK8 - ok

16:20:33.0769 2528        amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys

16:20:34.0112 2528        amdkmdag - ok

16:20:34.0221 2528        amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys

16:20:34.0315 2528        amdkmdap - ok

16:20:34.0361 2528        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

16:20:34.0424 2528        AmdPPM - ok

16:20:34.0471 2528        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

16:20:34.0502 2528        amdsata - ok

16:20:34.0533 2528        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

16:20:34.0580 2528        amdsbs - ok

16:20:34.0595 2528        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

16:20:34.0627 2528        amdxata - ok

16:20:34.0705 2528        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

16:20:34.0751 2528        AppID - ok

16:20:34.0814 2528        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

16:20:34.0845 2528        arc - ok

16:20:34.0876 2528        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

16:20:34.0892 2528        arcsas - ok

16:20:34.0923 2528        aswFsBlk        (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys

16:20:34.0954 2528        aswFsBlk - ok

16:20:35.0017 2528        aswMonFlt       (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys

16:20:35.0048 2528        aswMonFlt - ok

16:20:35.0079 2528        aswRdr          (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys

16:20:35.0095 2528        aswRdr - ok

16:20:35.0141 2528        aswSnx          (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys

16:20:35.0188 2528        aswSnx - ok

16:20:35.0266 2528        aswSP           (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys

16:20:35.0297 2528        aswSP - ok

16:20:35.0329 2528        aswTdi          (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys

16:20:35.0344 2528        aswTdi - ok

16:20:35.0391 2528        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

16:20:35.0485 2528        AsyncMac - ok

16:20:35.0531 2528        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

16:20:35.0563 2528        atapi - ok

16:20:35.0594 2528        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys

16:20:35.0609 2528        AtiHDAudioService - ok

16:20:35.0672 2528        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

16:20:35.0687 2528        avgntflt - ok

16:20:35.0719 2528        avipbb          (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys

16:20:35.0750 2528        avipbb - ok

16:20:35.0797 2528        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

16:20:35.0812 2528        avkmgr - ok

16:20:35.0875 2528        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

16:20:35.0937 2528        b06bdrv - ok

16:20:35.0984 2528        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

16:20:36.0046 2528        b57nd60a - ok

16:20:36.0109 2528        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

16:20:36.0187 2528        Beep - ok

16:20:36.0249 2528        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

16:20:36.0280 2528        blbdrive - ok

16:20:36.0311 2528        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

16:20:36.0358 2528        bowser - ok

16:20:36.0389 2528        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:20:36.0436 2528        BrFiltLo - ok

16:20:36.0452 2528        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:20:36.0483 2528        BrFiltUp - ok

16:20:36.0530 2528        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

16:20:36.0592 2528        Brserid - ok

16:20:36.0608 2528        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

16:20:36.0655 2528        BrSerWdm - ok

16:20:36.0670 2528        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:20:36.0701 2528        BrUsbMdm - ok

16:20:36.0701 2528        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

16:20:36.0733 2528        BrUsbSer - ok

16:20:36.0748 2528        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

16:20:36.0764 2528        BTHMODEM - ok

16:20:36.0811 2528        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

16:20:36.0873 2528        cdfs - ok

16:20:36.0935 2528        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

16:20:37.0013 2528        cdrom - ok

16:20:37.0060 2528        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

16:20:37.0123 2528        circlass - ok

16:20:37.0169 2528        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

16:20:37.0185 2528        CLFS - ok

16:20:37.0232 2528        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

16:20:37.0279 2528        CmBatt - ok

16:20:37.0310 2528        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

16:20:37.0341 2528        cmdide - ok

16:20:37.0388 2528        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

16:20:37.0466 2528        CNG - ok

16:20:37.0481 2528        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

16:20:37.0497 2528        Compbatt - ok

16:20:37.0559 2528        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

16:20:37.0606 2528        CompositeBus - ok

16:20:37.0653 2528        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

16:20:37.0684 2528        crcdisk - ok

16:20:37.0747 2528        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

16:20:37.0856 2528        CSC - ok

16:20:37.0918 2528        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

16:20:37.0949 2528        CVirtA - ok

16:20:38.0012 2528        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

16:20:38.0090 2528        DfsC - ok

16:20:38.0137 2528        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

16:20:38.0152 2528        discache - ok

16:20:38.0199 2528        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

16:20:38.0215 2528        Disk - ok

16:20:38.0277 2528        DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

16:20:38.0324 2528        DNE - ok

16:20:38.0371 2528        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

16:20:38.0417 2528        drmkaud - ok

16:20:38.0495 2528        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

16:20:38.0542 2528        DXGKrnl - ok

16:20:38.0636 2528        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

16:20:38.0776 2528        ebdrv - ok

16:20:38.0901 2528        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

16:20:38.0963 2528        elxstor - ok

16:20:39.0010 2528        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

16:20:39.0073 2528        ErrDev - ok

16:20:39.0104 2528        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:20:39.0182 2528        exfat - ok

16:20:39.0213 2528        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:20:39.0260 2528        fastfat - ok

16:20:39.0291 2528        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

16:20:39.0322 2528        fdc - ok

16:20:39.0353 2528        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:20:39.0369 2528        FileInfo - ok

16:20:39.0400 2528        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:20:39.0478 2528        Filetrace - ok

16:20:39.0494 2528        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

16:20:39.0494 2528        flpydisk - ok

16:20:39.0556 2528        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

16:20:39.0587 2528        FltMgr - ok

16:20:39.0619 2528        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:20:39.0634 2528        FsDepends - ok

16:20:39.0650 2528        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

16:20:39.0665 2528        Fs_Rec - ok

16:20:39.0743 2528        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

16:20:39.0790 2528        fvevol - ok

16:20:39.0821 2528        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:20:39.0837 2528        gagp30kx - ok

16:20:39.0853 2528        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:20:39.0899 2528        hcw85cir - ok

16:20:39.0993 2528        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

16:20:40.0071 2528        HdAudAddService - ok

16:20:40.0118 2528        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

16:20:40.0149 2528        HDAudBus - ok

16:20:40.0180 2528        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

16:20:40.0227 2528        HidBatt - ok

16:20:40.0243 2528        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

16:20:40.0289 2528        HidBth - ok

16:20:40.0305 2528        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

16:20:40.0352 2528        HidIr - ok

16:20:40.0414 2528        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

16:20:40.0461 2528        HidUsb - ok

16:20:40.0508 2528        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

16:20:40.0555 2528        HpSAMD - ok

16:20:40.0617 2528        HssDrv          (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys

16:20:40.0633 2528        HssDrv - ok

16:20:40.0726 2528        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

16:20:40.0820 2528        HTTP - ok

16:20:40.0867 2528        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

16:20:40.0898 2528        hwpolicy - ok

16:20:40.0945 2528        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

16:20:40.0991 2528        i8042prt - ok

16:20:41.0054 2528        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

16:20:41.0101 2528        iaStorV - ok

16:20:41.0147 2528        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

16:20:41.0147 2528        iirsp - ok

16:20:41.0179 2528        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

16:20:41.0194 2528        intelide - ok

16:20:41.0241 2528        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

16:20:41.0319 2528        intelppm - ok

16:20:41.0381 2528        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:20:41.0475 2528        IpFilterDriver - ok

16:20:41.0537 2528        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

16:20:41.0553 2528        IPMIDRV - ok

16:20:41.0584 2528        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

16:20:41.0631 2528        IPNAT - ok

16:20:41.0662 2528        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

16:20:41.0693 2528        IRENUM - ok

16:20:41.0709 2528        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

16:20:41.0740 2528        isapnp - ok

16:20:41.0787 2528        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys

16:20:41.0803 2528        iScsiPrt - ok

16:20:41.0865 2528        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

16:20:41.0896 2528        kbdclass - ok

16:20:41.0959 2528        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

16:20:42.0005 2528        kbdhid - ok

16:20:42.0068 2528        KMWDFILTER      (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys

16:20:42.0099 2528        KMWDFILTER - ok

16:20:42.0146 2528        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

16:20:42.0193 2528        KSecDD - ok

16:20:42.0239 2528        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

16:20:42.0271 2528        KSecPkg - ok

16:20:42.0317 2528        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

16:20:42.0380 2528        ksthunk - ok

16:20:42.0427 2528        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

16:20:42.0520 2528        lltdio - ok

16:20:42.0567 2528        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:20:42.0598 2528        LSI_FC - ok

16:20:42.0629 2528        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:20:42.0645 2528        LSI_SAS - ok

16:20:42.0676 2528        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:20:42.0692 2528        LSI_SAS2 - ok

16:20:42.0723 2528        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:20:42.0739 2528        LSI_SCSI - ok

16:20:42.0770 2528        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

16:20:42.0817 2528        luafv - ok

16:20:42.0879 2528        LUMDriver       (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys

16:20:42.0910 2528        LUMDriver - ok

16:20:42.0957 2528        MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

16:20:42.0988 2528        MBAMProtector ( UnsignedFile.Multi.Generic ) - warning

16:20:42.0988 2528        MBAMProtector - detected UnsignedFile.Multi.Generic (1)

16:20:43.0051 2528        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

16:20:43.0082 2528        megasas - ok

16:20:43.0129 2528        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

16:20:43.0191 2528        MegaSR - ok

16:20:43.0238 2528        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

16:20:43.0285 2528        Modem - ok

16:20:43.0316 2528        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

16:20:43.0363 2528        monitor - ok

16:20:43.0409 2528        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

16:20:43.0456 2528        mouclass - ok

16:20:43.0472 2528        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

16:20:43.0519 2528        mouhid - ok

16:20:43.0565 2528        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

16:20:43.0597 2528        mountmgr - ok

16:20:43.0643 2528        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

16:20:43.0675 2528        mpio - ok

16:20:43.0706 2528        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

16:20:43.0784 2528        mpsdrv - ok

16:20:43.0831 2528        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

16:20:43.0877 2528        MRxDAV - ok

16:20:43.0924 2528        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:20:43.0987 2528        mrxsmb - ok

16:20:44.0033 2528        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:20:44.0080 2528        mrxsmb10 - ok

16:20:44.0111 2528        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:20:44.0127 2528        mrxsmb20 - ok

16:20:44.0189 2528        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

16:20:44.0221 2528        msahci - ok

16:20:44.0267 2528        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

16:20:44.0314 2528        msdsm - ok

16:20:44.0345 2528        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

16:20:44.0408 2528        Msfs - ok

16:20:44.0439 2528        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

16:20:44.0517 2528        mshidkmdf - ok

16:20:44.0564 2528        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

16:20:44.0595 2528        msisadrv - ok

16:20:44.0642 2528        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

16:20:44.0689 2528        MSKSSRV - ok

16:20:44.0720 2528        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

16:20:44.0798 2528        MSPCLOCK - ok

16:20:44.0798 2528        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

16:20:44.0845 2528        MSPQM - ok

16:20:44.0907 2528        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

16:20:44.0938 2528        MsRPC - ok

16:20:45.0001 2528        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

16:20:45.0016 2528        mssmbios - ok

16:20:45.0032 2528        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

16:20:45.0094 2528        MSTEE - ok

16:20:45.0110 2528        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

16:20:45.0125 2528        MTConfig - ok

16:20:45.0157 2528        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

16:20:45.0172 2528        Mup - ok

16:20:45.0203 2528        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

16:20:45.0266 2528        NativeWifiP - ok

16:20:45.0344 2528        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

16:20:45.0375 2528        NDIS - ok

16:20:45.0406 2528        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

16:20:45.0437 2528        NdisCap - ok

16:20:45.0469 2528        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

16:20:45.0515 2528        NdisTapi - ok

16:20:45.0562 2528        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

16:20:45.0640 2528        Ndisuio - ok

16:20:45.0687 2528        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

16:20:45.0765 2528        NdisWan - ok

16:20:45.0796 2528        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

16:20:45.0874 2528        NDProxy - ok

16:20:45.0921 2528        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

16:20:45.0999 2528        NetBIOS - ok

16:20:46.0046 2528        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

16:20:46.0124 2528        NetBT - ok

16:20:46.0171 2528        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

16:20:46.0217 2528        nfrd960 - ok

16:20:46.0264 2528        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

16:20:46.0311 2528        Npfs - ok

16:20:46.0342 2528        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

16:20:46.0420 2528        nsiproxy - ok

16:20:46.0498 2528        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

16:20:46.0592 2528        Ntfs - ok

16:20:46.0623 2528        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

16:20:46.0685 2528        Null - ok

16:20:46.0748 2528        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

16:20:46.0795 2528        nvraid - ok

16:20:46.0826 2528        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

16:20:46.0841 2528        nvstor - ok

16:20:46.0857 2528        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

16:20:46.0888 2528        nv_agp - ok

16:20:46.0935 2528        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

16:20:46.0997 2528        ohci1394 - ok

16:20:47.0044 2528        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

16:20:47.0060 2528        Parport - ok

16:20:47.0107 2528        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

16:20:47.0138 2528        partmgr - ok

16:20:47.0200 2528        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

16:20:47.0231 2528        pci - ok

16:20:47.0247 2528        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

16:20:47.0263 2528        pciide - ok

16:20:47.0294 2528        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

16:20:47.0325 2528        pcmcia - ok

16:20:47.0356 2528        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

16:20:47.0372 2528        pcw - ok

16:20:47.0403 2528        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

16:20:47.0497 2528        PEAUTH - ok

16:20:47.0575 2528        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

16:20:47.0637 2528        PptpMiniport - ok

16:20:47.0653 2528        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

16:20:47.0699 2528        Processor - ok

16:20:47.0762 2528        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

16:20:47.0855 2528        Psched - ok

16:20:47.0918 2528        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

16:20:48.0027 2528        ql2300 - ok

16:20:48.0058 2528        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

16:20:48.0105 2528        ql40xx - ok

16:20:48.0121 2528        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

16:20:48.0152 2528        QWAVEdrv - ok

16:20:48.0183 2528        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

16:20:48.0261 2528        RasAcd - ok

16:20:48.0323 2528        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:20:48.0370 2528        RasAgileVpn - ok

16:20:48.0433 2528        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:20:48.0511 2528        Rasl2tp - ok

16:20:48.0542 2528        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

16:20:48.0589 2528        RasPppoe - ok

16:20:48.0620 2528        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

16:20:48.0682 2528        RasSstp - ok

16:20:48.0760 2528        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

16:20:48.0869 2528        rdbss - ok

16:20:48.0885 2528        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

16:20:48.0916 2528        rdpbus - ok

16:20:48.0947 2528        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:20:49.0010 2528        RDPCDD - ok

16:20:49.0057 2528        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

16:20:49.0103 2528        RDPDR - ok

16:20:49.0103 2528        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

16:20:49.0150 2528        RDPENCDD - ok

16:20:49.0181 2528        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

16:20:49.0213 2528        RDPREFMP - ok

16:20:49.0259 2528        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

16:20:49.0337 2528        RDPWD - ok

16:20:49.0400 2528        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

16:20:49.0462 2528        rdyboost - ok

16:20:49.0493 2528        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

16:20:49.0571 2528        rspndr - ok

16:20:49.0603 2528        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

16:20:49.0649 2528        s3cap - ok

16:20:49.0696 2528        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

16:20:49.0712 2528        sbp2port - ok

16:20:49.0759 2528        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

16:20:49.0821 2528        scfilter - ok

16:20:49.0883 2528        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:20:49.0930 2528        secdrv - ok

16:20:49.0961 2528        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

16:20:49.0977 2528        Serenum - ok

16:20:50.0024 2528        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

16:20:50.0055 2528        Serial - ok

16:20:50.0102 2528        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

16:20:50.0133 2528        sermouse - ok

16:20:50.0180 2528        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

16:20:50.0242 2528        sffdisk - ok

16:20:50.0258 2528        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

16:20:50.0305 2528        sffp_mmc - ok

16:20:50.0320 2528        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

16:20:50.0351 2528        sffp_sd - ok

16:20:50.0383 2528        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

16:20:50.0429 2528        sfloppy - ok

16:20:50.0476 2528        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:20:50.0523 2528        SiSRaid2 - ok

16:20:50.0539 2528        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

16:20:50.0554 2528        SiSRaid4 - ok

16:20:50.0585 2528        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

16:20:50.0663 2528        Smb - ok

16:20:50.0710 2528        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

16:20:50.0741 2528        spldr - ok

16:20:50.0757 2528        sptd - ok

16:20:50.0804 2528        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

16:20:50.0866 2528        srv - ok

16:20:50.0897 2528        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

16:20:50.0944 2528        srv2 - ok

16:20:50.0975 2528        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

16:20:51.0022 2528        srvnet - ok

16:20:51.0053 2528        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

16:20:51.0069 2528        stexstor - ok

16:20:51.0116 2528        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

16:20:51.0131 2528        storflt - ok

16:20:51.0163 2528        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

16:20:51.0178 2528        storvsc - ok

16:20:51.0209 2528        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

16:20:51.0209 2528        swenum - ok

16:20:51.0272 2528        taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys

16:20:51.0334 2528        taphss - ok

16:20:51.0428 2528        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

16:20:51.0553 2528        Tcpip - ok

16:20:51.0615 2528        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

16:20:51.0631 2528        TCPIP6 - ok

16:20:51.0693 2528        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

16:20:51.0787 2528        tcpipreg - ok

16:20:51.0818 2528        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

16:20:51.0849 2528        TDPIPE - ok

16:20:51.0865 2528        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

16:20:51.0896 2528        TDTCP - ok

16:20:51.0958 2528        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

16:20:52.0036 2528        tdx - ok

16:20:52.0067 2528        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

16:20:52.0083 2528        TermDD - ok

16:20:52.0145 2528        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:20:52.0208 2528        tssecsrv - ok

16:20:52.0255 2528        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

16:20:52.0286 2528        TsUsbFlt - ok

16:20:52.0348 2528        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

16:20:52.0426 2528        tunnel - ok

16:20:52.0457 2528        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

16:20:52.0457 2528        uagp35 - ok

16:20:52.0504 2528        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

16:20:52.0613 2528        udfs - ok

16:20:52.0660 2528        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

16:20:52.0691 2528        uliagpkx - ok

16:20:52.0754 2528        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

16:20:52.0816 2528        umbus - ok

16:20:52.0832 2528        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

16:20:52.0863 2528        UmPass - ok

16:20:52.0925 2528        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

16:20:52.0972 2528        usbaudio - ok

16:20:53.0019 2528        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

16:20:53.0035 2528        usbccgp - ok

16:20:53.0081 2528        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

16:20:53.0144 2528        usbcir - ok

16:20:53.0175 2528        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

16:20:53.0222 2528        usbehci - ok

16:20:53.0269 2528        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

16:20:53.0347 2528        usbhub - ok

16:20:53.0378 2528        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

16:20:53.0409 2528        usbohci - ok

16:20:53.0456 2528        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

16:20:53.0487 2528        usbprint - ok

16:20:53.0518 2528        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

16:20:53.0565 2528        usbscan - ok

16:20:53.0612 2528        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:20:53.0659 2528        USBSTOR - ok

16:20:53.0690 2528        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

16:20:53.0737 2528        usbuhci - ok

16:20:53.0783 2528        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

16:20:53.0799 2528        vdrvroot - ok

16:20:53.0861 2528        vflt            (e4da1d85cccb610dff0c0e116900e17f) C:\Windows\system32\DRIVERS\vfilter.sys

16:20:53.0893 2528        vflt ( UnsignedFile.Multi.Generic ) - warning

16:20:53.0893 2528        vflt - detected UnsignedFile.Multi.Generic (1)

16:20:53.0924 2528        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

16:20:53.0955 2528        vga - ok

16:20:53.0986 2528        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

16:20:54.0049 2528        VgaSave - ok

16:20:54.0095 2528        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

16:20:54.0127 2528        vhdmp - ok

16:20:54.0173 2528        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

16:20:54.0189 2528        viaide - ok

16:20:54.0220 2528        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

16:20:54.0251 2528        vmbus - ok

16:20:54.0283 2528        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

16:20:54.0314 2528        VMBusHID - ok

16:20:54.0376 2528        vnet            (a99ca064ad11266fe7067a79bf78bbb5) C:\Windows\system32\DRIVERS\virtualnet.sys

16:20:54.0407 2528        vnet ( UnsignedFile.Multi.Generic ) - warning

16:20:54.0407 2528        vnet - detected UnsignedFile.Multi.Generic (1)

16:20:54.0439 2528        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

16:20:54.0485 2528        volmgr - ok

16:20:54.0548 2528        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

16:20:54.0595 2528        volmgrx - ok

16:20:54.0626 2528        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

16:20:54.0673 2528        volsnap - ok

16:20:54.0719 2528        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

16:20:54.0751 2528        vsmraid - ok

16:20:54.0782 2528        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

16:20:54.0813 2528        vwifibus - ok

16:20:54.0844 2528        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

16:20:54.0891 2528        WacomPen - ok

16:20:54.0938 2528        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

16:20:55.0000 2528        WANARP - ok

16:20:55.0016 2528        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

16:20:55.0031 2528        Wanarpv6 - ok

16:20:55.0063 2528        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

16:20:55.0078 2528        Wd - ok

16:20:55.0109 2528        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:20:55.0187 2528        Wdf01000 - ok

16:20:55.0234 2528        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

16:20:55.0265 2528        WfpLwf - ok

16:20:55.0281 2528        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

16:20:55.0297 2528        WIMMount - ok

16:20:55.0359 2528        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

16:20:55.0390 2528        WmiAcpi - ok

16:20:55.0437 2528        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

16:20:55.0468 2528        ws2ifsl - ok

16:20:55.0531 2528        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

16:20:55.0624 2528        WudfPf - ok

16:20:55.0671 2528        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:20:55.0780 2528        WUDFRd - ok

16:20:55.0858 2528        yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys

16:20:55.0889 2528        yukonw7 - ok

16:20:55.0905 2528        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

16:20:56.0061 2528        \Device\Harddisk1\DR1 - ok

16:20:56.0077 2528        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

16:20:56.0201 2528        \Device\Harddisk0\DR0 - ok

16:20:56.0217 2528        Boot (0x1200)   (ece9acd3b8ba3ec62ef691e53ee2873c) \Device\Harddisk1\DR1\Partition0

16:20:56.0217 2528        \Device\Harddisk1\DR1\Partition0 - ok

16:20:56.0217 2528        Boot (0x1200)   (35e4336814c81803d5c15e67155589a9) \Device\Harddisk0\DR0\Partition0

16:20:56.0217 2528        \Device\Harddisk0\DR0\Partition0 - ok

16:20:56.0264 2528        Boot (0x1200)   (74b800b5dd828c3d16a0c9ae56d0f190) \Device\Harddisk0\DR0\Partition1

16:20:56.0264 2528        \Device\Harddisk0\DR0\Partition1 - ok

16:20:56.0279 2528        Boot (0x1200)   (79ce57030e268e4db323ae80420758bc) \Device\Harddisk0\DR0\Partition2

16:20:56.0279 2528        \Device\Harddisk0\DR0\Partition2 - ok

16:20:56.0279 2528        ============================================================

16:20:56.0279 2528        Scan finished

16:20:56.0279 2528        ============================================================

16:20:56.0295 2340        Detected object count: 3

16:20:56.0295 2340        Actual detected object count: 3

16:21:18.0135 2340        MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user

16:21:18.0135 2340        MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:21:18.0135 2340        vflt ( UnsignedFile.Multi.Generic ) - skipped by user

16:21:18.0135 2340        vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:21:18.0135 2340        vnet ( UnsignedFile.Multi.Generic ) - skipped by user

16:21:18.0135 2340        vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Download auf Desktop nicht möglich. "...konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können.
Ändern Sie die Ordnereigenschaften und versuchen Sie es nochmals oder versuchen Sie, an einem anderen Ort zu speichern"

Laut den Ordneroptionen sollte ich Vollzugriff haben.

Schonmal seltsam aber:
Auf Laufwerk D geht es. Kann ich die Datei von da auf den Desktop kopieren? Bzw ist das dann noch der Sinn der Sache, weil es ausdrücklich auf dem Desktop gespeichert werden muss.

Edit: Es geht selbst dann nicht, wenn ich Firefox als Admin ausführe!

Dann führe CF von D: aus

Code:

ComboFix 11-11-21.01 - sepp 21.11.2011  19:20:47.1.6 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.3058 [GMT 1:00]

ausgeführt von:: D:\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\sepp\hosts

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-10-21 bis 2011-11-21  ))))))))))))))))))))))))))))))

.

.

2011-11-21 14:55 . 2011-11-21 14:55        --------        d-----w-        C:\_OTL

2011-11-19 22:10 . 2011-11-19 22:10        --------        d-----w-        c:\users\sepp\AppData\Local\Solid State Networks

2011-11-19 20:20 . 2011-09-06 21:45        254400        ----a-w-        c:\windows\system32\aswBoot.exe

2011-11-18 17:11 . 2011-11-18 17:11        --------        d-----w-        c:\program files (x86)\ESET

2011-11-17 23:41 . 2011-05-02 14:05        1611        ----a-w-        c:\users\sepp\mvps.bat

2011-11-17 23:32 . 2011-11-17 23:32        --------        d-----w-        c:\program files (x86)\7-Zip

2011-11-17 21:37 . 2011-11-17 21:37        --------        d-----w-        c:\users\sepp\AppData\Roaming\Malwarebytes

2011-11-17 21:37 . 2011-11-17 21:37        --------        d-----w-        c:\programdata\Malwarebytes

2011-11-17 21:37 . 2011-11-17 21:37        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-17 21:37 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-17 21:32 . 2011-11-19 22:47        --------        d-----w-        c:\users\sepp\AppData\Roaming\SumatraPDF

2011-11-17 21:32 . 2011-11-17 21:32        --------        d-----w-        c:\program files (x86)\SumatraPDF

2011-11-17 20:02 . 2011-11-17 20:16        --------        d-----w-        c:\program files (x86)\Advanced Port Scanner

2011-11-11 18:52 . 2011-11-11 18:52        --------        d-----w-        c:\users\sepp\AppData\Local\ElevatedDiagnostics

2011-11-10 15:29 . 2011-11-10 15:30        --------        d-----w-        c:\windows\system32\appmgmt

2011-11-10 15:09 . 2011-11-10 15:09        --------        d-----w-        c:\program files (x86)\Cisco Systems

2011-11-10 15:07 . 2011-11-10 15:07        --------        d-----w-        c:\users\sepp\AppData\Roaming\FastSum

2011-11-10 15:06 . 2011-11-10 15:07        --------        d-----w-        c:\program files (x86)\FastSum

2011-11-09 11:45 . 2011-10-01 05:45        886784        ----a-w-        c:\program files\Common Files\System\wab32.dll

2011-11-09 11:45 . 2011-10-01 04:37        708608        ----a-w-        c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 11:45 . 2011-09-29 16:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-11-09 11:45 . 2011-09-29 04:03        3144704        ----a-w-        c:\windows\system32\win32k.sys

2011-11-04 17:20 . 2011-11-04 17:20        --------        d-----w-        c:\programdata\Uniblue

2011-11-04 17:19 . 2011-11-04 17:19        --------        d-----w-        c:\users\sepp\AppData\Roaming\Canneverbe Limited

2011-11-04 17:19 . 2011-11-04 17:19        --------        d-----w-        c:\programdata\Canneverbe Limited

2011-11-04 17:19 . 2011-11-04 17:19        --------        d-----w-        c:\users\sepp\AppData\Roaming\OpenCandy

2011-11-04 17:19 . 2011-11-04 17:19        --------        d-----w-        c:\program files (x86)\CDBurnerXP

2011-10-27 21:39 . 2011-11-08 07:28        --------        d-----w-        c:\program files (x86)\Frets on Fire

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-03 14:20 . 2011-08-26 19:23        270240        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2011-09-02 18:42 . 2011-08-26 19:07        270240        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2011-09-01 05:24 . 2011-10-12 22:31        2309120        ----a-w-        c:\windows\system32\jscript9.dll

2011-09-01 05:17 . 2011-10-12 22:31        1389056        ----a-w-        c:\windows\system32\wininet.dll

2011-09-01 05:12 . 2011-10-12 22:31        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2011-09-01 02:35 . 2011-10-12 22:31        1798144        ----a-w-        c:\windows\SysWow64\jscript9.dll

2011-09-01 02:28 . 2011-10-12 22:31        1126912        ----a-w-        c:\windows\SysWow64\wininet.dll

2011-09-01 02:22 . 2011-10-12 22:31        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2011-08-27 05:37 . 2011-10-12 19:24        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2011-08-27 05:37 . 2011-10-12 19:24        331776        ----a-w-        c:\windows\system32\oleacc.dll

2011-08-27 04:26 . 2011-10-12 19:24        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll

2011-08-27 04:26 . 2011-10-12 19:24        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

.

R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [x]

R3 eTSrv;ETOKSRV;c:\program files\Aladdin\eToken\PKIClient\x64\eTSrv.exe [2008-11-03 8192]

R3 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-03-25 271408]

R3 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]

R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]

R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2010-09-22 19:19        284208        ----a-w-        c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mStart Page = 

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\sepp\AppData\Roaming\Mozilla\Firefox\Profiles\btw9bln4.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.de

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-11-21  19:31:28 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-11-21 18:31

.

Vor Suchlauf: 9 Verzeichnis(se), 22.624.239.616 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 22.308.941.824 Bytes frei

.

- - End Of File - - E0C79454039FD37C0964150BF1AE645A

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-11-21 19:47:13

-----------------------------

19:47:13.555    OS Version: Windows x64 6.1.7601 Service Pack 1

19:47:13.555    Number of processors: 6 586 0xA00

19:47:13.555    ComputerName: SEPP-PC  UserName: sepp

19:47:13.977    Initialize success

19:48:14.255    AVAST engine defs: 11112100

19:48:21.977    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7

19:48:21.977    Disk 0 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3

19:48:21.977    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3

19:48:21.993    Disk 1 Vendor: WDC_WD1600AAJB-00J3A0 01.03E01 Size: 152627MB BusType: 3

19:48:24.021    Disk 1 MBR read successfully

19:48:24.021    Disk 1 MBR scan

19:48:24.036    Disk 1 Windows 7 default MBR code

19:48:24.068    Service scanning

19:48:27.578    Modules scanning

19:48:27.578    Disk 1 trace - called modules:

19:48:27.609    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 

19:48:27.609    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004a6a060]

19:48:27.624    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80047fa520]

19:48:27.640    5 ACPI.sys[fffff88000f147a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80047fc060]

19:48:29.106    AVAST engine scan C:\Windows

19:48:31.119    AVAST engine scan C:\Windows\system32

19:50:08.011    AVAST engine scan C:\Windows\system32\drivers

19:50:17.885    AVAST engine scan C:\Users\sepp

19:51:20.192    AVAST engine scan C:\ProgramData

19:51:42.718    Scan finished successfully

19:51:57.086    Disk 1 MBR has been saved successfully to "C:\Users\sepp\Desktop\MBR.dat"

19:51:57.086    The log file has been saved successfully to "C:\Users\sepp\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 11/22/2011 at 06:29 AM
 

Application Version : 5.0.1136
 

Core Rules Database Version : 7972

Trace Rules Database Version: 5784
 

Scan type       : Complete Scan

Total Scan Time : 01:42:32
 

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 481

Memory threats detected   : 0

Registry items scanned    : 70471

Registry threats detected : 0

File items scanned        : 221526

File threats detected     : 7
 

Adware.Tracking Cookie

        C:\Users\sepp\AppData\Roaming\Microsoft\Windows\Cookies\sepp@adx.chip[1].txt [ /adx.chip ]

        C:\Users\sepp\AppData\Roaming\Microsoft\Windows\Cookies\sepp@doubleclick[1].txt [ /doubleclick ]

        C:\Users\sepp\AppData\Roaming\Microsoft\Windows\Cookies\sepp@smartadserver[2].txt [ /smartadserver ]

        C:\Users\sepp\AppData\Roaming\Microsoft\Windows\Cookies\RK8XVBE2.txt [ /atdmt.com ]

        C:\USERS\SEPP\Cookies\sepp@doubleclick[1].txt [ Cookie:sepp@doubleclick.net/ ]

        C:\USERS\SEPP\Cookies\RK8XVBE2.txt [ Cookie:sepp@atdmt.com/ ]

        C:\USERS\SEPP\Cookies\sepp@adx.chip[1].txt [ Cookie:sepp@adx.chip.de/ ]

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6847c2ea6108294bbc4ee72d60710921

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-11-18 07:22:18

# local_time=2011-11-18 08:22:18 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1792 16777215 100 0 2808165 2808165 0 0

# compatibility_mode=5893 16776574 66 85 15236618 73266318 0 0

# compatibility_mode=8192 67108863 100 0 3807 3807 0 0

# scanned=214145

# found=4

# cleaned=0

# scan_time=7670

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

C:\Users\sepp\Desktop\installs\Starter Tools\unlocker1.8.9.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

D:\installs\HSS-1.57-install-anchorfree-76-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

D:\installs\HSS-1.57-install-sjcairport-156-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6847c2ea6108294bbc4ee72d60710921

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-22 05:36:55

# local_time=2011-11-22 06:36:55 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 66 85 15540242 73569942 0 0

# compatibility_mode=8192 67108863 100 0 307431 307431 0 0

# scanned=741

# found=0

# cleaned=0

# scan_time=122

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6847c2ea6108294bbc4ee72d60710921

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-22 06:41:02

# local_time=2011-11-22 07:41:02 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 66 85 15540984 73570684 0 0

# compatibility_mode=8192 67108863 100 0 308173 308173 0 0

# scanned=111997

# found=4

# cleaned=0

# scan_time=3228

C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

C:\Users\sepp\Desktop\installs\Starter Tools\unlocker1.8.9.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

D:\installs\HSS-1.57-install-anchorfree-76-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

D:\installs\HSS-1.57-install-sjcairport-156-conduit.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I

MBAM hat nichts ergeben.

Ok, nur Cookies, den Rest kann man vernachlässigen.
Rechner wieder im Lot?

Ja ich denke schon! Ein dickes Danke für die Hilfe!!! :taenzer:

Kannst du mir vielleicht noch erzählen, was genau die Infektion war und wie ich sie zukünftig vermeiden kann?

Und kannst du mir ein Freeware Programm empfehlen, das mich vor Infektionen durch USB-Sticks schützt?

Bis auf den Keylogger hab ich nicht viel "dickes" gesehen.
Dringen Informationen denn noch nach außen :pfeiff:

Wird sich rausstellen!

Dann wären wir wohl erstmal durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

OK ich werde die Tipps befolgen. Vielen Dank nochmal Arne!