Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung (log analysis and evaluation) - backdoor.gen5 and other viruses (https://www.trojaner-board.de/105315-backdoor-gen5-viren.html)

haslo 29.11.2011 16:49

Unfortunately not, I searched the system and found nothing...

cosinus 29.11.2011 17:34

Run an OTL fix: close all programs that may be open, and also disable the virus scanner (!), then start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.09 11:09:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2011.07.21 20:43:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\1F9F4C1C0A67AB066EF22013A7992CAA
[2011.04.02 10:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Gutscheinmieze
@Alternate Data Stream - 203 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:A8ADE5D8
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix has run; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created for this one user in this one situation only. It cannot be transferred to any other computer and must not be used elsewhere, because it can permanently damage the system!
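The OTL script above does two things to the Firefox profile: it strips the "foxsearch" engine and the finduny.com keyword.URL out of prefs.js, and it moves user.js out of the profile. The second step is the one people forget: Firefox re-applies every pref in user.js at each start, so cleaning prefs.js on its own is undone the next time the browser opens. The following Python script is an added example for this thread, not code from OTL or from the original post. It parses prefs.js/user.js lines and flags the same indicators the fix targets. The KNOWN_ENGINES allowlist and the two sample profile files are constructed for the example; the hijacked values in them mirror the ones listed in the script.

```python
import re

# One line of a Firefox prefs.js / user.js:
#   user_pref("browser.search.order.1", "foxsearch");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Engines a stock German Firefox of that era shipped with. Anything else set as
# the default deserves a look. This allowlist is an assumption for the example.
KNOWN_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.de", "eBay",
                 "Wikipedia (de)", "LEO Eng-Deu"}

SEARCH_KEYS = ("browser.search.defaultenginename", "browser.search.selectedEngine")


def parse_prefs(text):
    """Return {pref: value}; strings are unquoted, ints and booleans converted.
    Comment and blank lines do not match the pattern and are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def hijack_indicators(prefs):
    """Flag what the OTL fix targets: an unknown default or pinned search engine,
    a keyword.URL (every address-bar search is sent there), and a manual or PAC
    proxy (network.proxy.type 1 or 2) that could route traffic elsewhere."""
    findings = []
    for key in SEARCH_KEYS:
        val = prefs.get(key)
        if val is not None and val not in KNOWN_ENGINES:
            findings.append({"key": key, "value": val,
                             "reason": "default search engine not in allowlist"})
    for key, val in prefs.items():
        if key.startswith("browser.search.order.") and val not in KNOWN_ENGINES:
            findings.append({"key": key, "value": val,
                             "reason": "unknown engine pinned into search order"})
    if prefs.get("keyword.URL"):
        findings.append({"key": "keyword.URL", "value": prefs["keyword.URL"],
                         "reason": "address-bar searches redirected to this URL"})
    if prefs.get("network.proxy.type", 0) in (1, 2):
        findings.append({"key": "network.proxy.type", "value": prefs["network.proxy.type"],
                         "reason": "manual/PAC proxy configured"})
    return findings


def scan_profile(prefs_js, user_js=None):
    """Check prefs.js and, if present, user.js. user.js is flagged on its own:
    Firefox re-applies it at every start, so cleaning prefs.js alone will not stick."""
    findings = [dict(source="prefs.js", **f) for f in hijack_indicators(parse_prefs(prefs_js))]
    if user_js is not None:
        findings.append({"source": "user.js", "key": "user.js", "value": "present",
                         "reason": "re-applies its prefs on every start; remove it, not just prefs.js"})
        findings += [dict(source="user.js", **f) for f in hijack_indicators(parse_prefs(user_js))]
    return findings


# Constructed sample files for the example; values mirror the OTL script above.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1322500000);
user_pref("browser.search.defaultenginename", "foxsearch");
user_pref("browser.search.order.1", "foxsearch");
user_pref("browser.search.selectedEngine", "foxsearch");
user_pref("browser.startup.homepage_override.mstone", "rv:8.0");
user_pref("keyword.URL", "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
user_pref("network.proxy.type", 0);
user_pref("privacy.sanitize.migrateFx3Prefs", true);
'''
SAMPLE_USER_JS = '''user_pref("browser.search.selectedEngine", "foxsearch");
user_pref("browser.search.order.1", "foxsearch");
user_pref("browser.search.defaultenginename", "foxsearch");
user_pref("keyword.URL", "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
'''
CLEAN_PREFS_JS = '''user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("network.proxy.type", 5);
'''

if __name__ == "__main__":
    for f in scan_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print(f"{f['source']:9} {f['key']:36} {f['reason']}: {f['value']}")
```

On a live profile, read prefs.js and user.js from the profile directory (OTL's log names it: ...\Mozilla\FireFox\Profiles\<name>.default\) with Firefox closed, since Firefox rewrites prefs.js on exit.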

haslo 29.11.2011 22:31

Did that, and here is the log:

Code:

All processes killed
========== OTL ==========
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\FireFox\Profiles\or1jorif.default\user.js moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Folder C:\Dokumente und Einstellungen\User\Anwendungsdaten\1F9F4C1C0A67AB066EF22013A7992CAA\ not found.
Folder C:\Dokumente und Einstellungen\User\Anwendungsdaten\Gutscheinmieze\ not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:A8ADE5D8 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 454677 bytes
->FireFox cache emptied: 27812362 bytes
->Flash cache emptied: 456 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: haslo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35291 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 304430 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 116919842 bytes
 
User: User
->Temp folder emptied: 60050933 bytes
->Temporary Internet Files folder emptied: 107342586 bytes
->Java cache emptied: 1083572 bytes
->FireFox cache emptied: 120742266 bytes
->Flash cache emptied: 31163 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 5843384 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2680597 bytes
RecycleBin emptied: 44475824 bytes
 
Total Files Cleaned = 465.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11292011_190227

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 30.11.2011 12:01

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot.
Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSSKiller stores its logs.

Note: Please do not delete anything prematurely with TDSSKiller! If TDSSKiller flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
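Reading a TDSSKiller report like the one posted in the next reply is mostly a matter of separating the generic "UnsignedFile.Multi.Generic" notices (vendor drivers on XP without an Authenticode signature: sound, webcam, WLAN) from a named detection, and keeping each flagged driver's MD5 and path so it can be checked against the vendor's file or a hash lookup. The following Python script is an added example for this thread, not a Kaspersky tool and not code from the original post; it only reads the report, in line with the advice above to "skip" everything and post the log. It parses the line shapes shown in the report below. The sample report is constructed: the first lines copy the format of the posted log, and the `sample_drv` lines are invented to show how a named detection would be sorted (their hash is a placeholder, the MD5 of an empty file).

```python
import re

# Line shapes TDSSKiller 2.6.x writes (timestamp, PID, then the service record):
#   "19:47:04.0375 1028        ALCXWDM        (ef68...) C:\WINDOWS\system32\drivers\ALCXWDM.SYS"
#   "19:47:04.0531 1028        ALCXWDM ( UnsignedFile.Multi.Generic ) - warning"
#   "19:47:04.0531 1028        ALCXWDM - detected UnsignedFile.Multi.Generic (1)"
#   "19:47:04.0625 1028        AliIde - ok"
FILE_RE = re.compile(r'^\S+ \d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+?)\s*$')
VERDICT_RE = re.compile(r'^\S+ \d+\s+(\S+)\s+\(\s*([^)]+?)\s*\)\s+-\s+(\w+)\s*$')
DETECT_RE = re.compile(r'^\S+ \d+\s+(\S+)\s+-\s+detected\s+(\S+)\s+\(\d+\)\s*$')
OK_RE = re.compile(r'^\S+ \d+\s+(\S+)\s+-\s+ok\s*$')

# TDSSKiller's notice that a driver file carries no valid Authenticode signature.
# Routine for vendor drivers on XP; a "check hash and path" item, not a detection.
UNSIGNED = "UnsignedFile.Multi.Generic"


def _entry(entries, name):
    return entries.setdefault(name, {"md5": None, "path": None,
                                     "verdict": None, "detection": None})


def parse_tdsskiller(text):
    """Map service name -> {md5, path, verdict, detection}.

    Services that are registered but have no file on disk (e.g. 'Abiosdsk')
    keep md5/path None and verdict 'ok', which is how TDSSKiller reports them."""
    entries = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            _entry(entries, name).update(md5=md5.lower(), path=path)
            continue
        m = DETECT_RE.match(line)
        if m:
            _entry(entries, m.group(1))["detection"] = m.group(2)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, verdict = m.groups()
            e = _entry(entries, name)
            e["verdict"] = verdict
            e["detection"] = e["detection"] or detection
            continue
        m = OK_RE.match(line)
        if m:
            _entry(entries, m.group(1))["verdict"] = "ok"
    return entries


def triage(entries):
    """Split the report into (detections, unsigned): named detections the helper
    must look at first, and unsigned-driver notices listed with hash and path."""
    detections, unsigned = [], []
    for name, e in entries.items():
        if e["detection"] is None:
            continue
        row = (name, e["md5"], e["path"], e["detection"], e["verdict"])
        (unsigned if e["detection"] == UNSIGNED else detections).append(row)
    return detections, unsigned


# Constructed sample: real-format lines first, then an invented 'sample_drv'
# detection (placeholder hash) to exercise the detection branch.
SAMPLE_REPORT = r"""19:46:05.0515 2668        TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:47:01.0406 1028        Mode: Manual; SigCheck; TDLFS;
19:47:01.0906 1028        Abiosdsk - ok
19:47:02.0015 1028        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:47:03.0359 1028        ACPI - ok
19:47:04.0375 1028        ALCXWDM        (ef6873639d8b45d7b4811db7b6a89624) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
19:47:04.0531 1028        ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
19:47:04.0531 1028        ALCXWDM - detected UnsignedFile.Multi.Generic (1)
19:47:04.0625 1028        AliIde - ok
19:47:40.0000 1028        sample_drv      (d41d8cd98f00b204e9800998ecf8427e) C:\WINDOWS\system32\drivers\sample_drv.sys
19:47:40.0100 1028        sample_drv ( Rootkit.Win32.TDSS.tdl3 ) - infected
19:47:40.0100 1028        sample_drv - detected Rootkit.Win32.TDSS.tdl3 (0)
"""

if __name__ == "__main__":
    detections, unsigned = triage(parse_tdsskiller(SAMPLE_REPORT))
    for label, rows in (("DETECTIONS", detections), ("UNSIGNED DRIVERS", unsigned)):
        print(f"== {label} ({len(rows)})")
        for name, md5, path, detection, verdict in rows:
            print(f"{name:14} {verdict:8} {detection:28} {md5}  {path}")
```

Point the parser at the TDSSKiller.<version>_<date>_log.txt that the tool leaves on the system partition; the unsigned list is what to check by hash, the detections list is what to post for the helper before touching anything.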

haslo 30.11.2011 19:51

Here is the TDSSKiller report:

Code:

19:46:05.0515 2668        TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:46:05.0859 2668        ============================================================
19:46:05.0859 2668        Current date / time: 2011/11/30 19:46:05.0859
19:46:05.0859 2668        SystemInfo:
19:46:05.0859 2668       
19:46:05.0859 2668        OS Version: 5.1.2600 ServicePack: 3.0
19:46:05.0859 2668        Product type: Workstation
19:46:05.0859 2668        ComputerName: PCxxxxxx
19:46:05.0859 2668        UserName: User
19:46:05.0859 2668        Windows directory: C:\WINDOWS
19:46:05.0859 2668        System windows directory: C:\WINDOWS
19:46:05.0859 2668        Processor architecture: Intel x86
19:46:05.0859 2668        Number of processors: 1
19:46:05.0859 2668        Page size: 0x1000
19:46:05.0859 2668        Boot type: Normal boot
19:46:05.0859 2668        ============================================================
19:46:06.0921 2668        !crdlk
19:46:07.0031 2668        Initialize success
19:47:01.0406 1028        ============================================================
19:47:01.0406 1028        Scan started
19:47:01.0406 1028        Mode: Manual; SigCheck; TDLFS;
19:47:01.0406 1028        ============================================================
19:47:01.0906 1028        Abiosdsk - ok
19:47:01.0953 1028        abp480n5 - ok
19:47:02.0015 1028        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:47:03.0359 1028        ACPI - ok
19:47:03.0546 1028        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:47:03.0734 1028        ACPIEC - ok
19:47:03.0781 1028        adpu160m - ok
19:47:03.0843 1028        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:47:04.0000 1028        aec - ok
19:47:04.0078 1028        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:47:04.0125 1028        AFD - ok
19:47:04.0187 1028        Aha154x - ok
19:47:04.0234 1028        aic78u2 - ok
19:47:04.0281 1028        aic78xx - ok
19:47:04.0375 1028        ALCXWDM        (ef6873639d8b45d7b4811db7b6a89624) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
19:47:04.0531 1028        ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
19:47:04.0531 1028        ALCXWDM - detected UnsignedFile.Multi.Generic (1)
19:47:04.0625 1028        AliIde - ok
19:47:04.0656 1028        amsint - ok
19:47:04.0781 1028        AR5211          (b6f660bd0701863966917de830a3d6eb) C:\WINDOWS\system32\DRIVERS\ar5211.sys
19:47:04.0875 1028        AR5211 ( UnsignedFile.Multi.Generic ) - warning
19:47:04.0875 1028        AR5211 - detected UnsignedFile.Multi.Generic (1)
19:47:04.0953 1028        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:47:05.0078 1028        Arp1394 - ok
19:47:05.0140 1028        asc - ok
19:47:05.0171 1028        asc3350p - ok
19:47:05.0218 1028        asc3550 - ok
19:47:05.0343 1028        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:47:05.0500 1028        AsyncMac - ok
19:47:05.0562 1028        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:47:05.0703 1028        atapi - ok
19:47:05.0750 1028        Atdisk - ok
19:47:05.0828 1028        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:47:06.0000 1028        Atmarpc - ok
19:47:06.0093 1028        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:47:06.0218 1028        audstub - ok
19:47:06.0281 1028        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:47:06.0937 1028        avgntflt - ok
19:47:07.0000 1028        avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:47:07.0015 1028        avipbb - ok
19:47:07.0093 1028        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:47:07.0093 1028        avkmgr - ok
19:47:07.0187 1028        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:47:07.0328 1028        Beep - ok
19:47:07.0437 1028        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:47:07.0609 1028        cbidf2k - ok
19:47:07.0687 1028        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:47:07.0859 1028        CCDECODE - ok
19:47:07.0921 1028        cd20xrnt - ok
19:47:07.0968 1028        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:47:08.0125 1028        Cdaudio - ok
19:47:08.0187 1028        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:47:08.0328 1028        Cdfs - ok
19:47:08.0375 1028        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:47:08.0515 1028        Cdrom - ok
19:47:08.0578 1028        Changer - ok
19:47:08.0640 1028        Clisrvpb0-0 - ok
19:47:08.0703 1028        CmdIde - ok
19:47:08.0781 1028        Cpqarray - ok
19:47:08.0828 1028        dac2w2k - ok
19:47:08.0875 1028        dac960nt - ok
19:47:08.0937 1028        DCamUSBEMPIA    (4273955f3aa1eaf22351417a238db095) C:\WINDOWS\system32\DRIVERS\emDevice.sys
19:47:08.0968 1028        DCamUSBEMPIA ( UnsignedFile.Multi.Generic ) - warning
19:47:08.0968 1028        DCamUSBEMPIA - detected UnsignedFile.Multi.Generic (1)
19:47:09.0062 1028        DCamUSBNW812    (ef3d11f939accf688f349ec72bfa5717) C:\WINDOWS\system32\DRIVERS\pcam812.sys
19:47:09.0078 1028        DCamUSBNW812 ( UnsignedFile.Multi.Generic ) - warning
19:47:09.0078 1028        DCamUSBNW812 - detected UnsignedFile.Multi.Generic (1)
19:47:09.0171 1028        dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
19:47:09.0218 1028        dgderdrv - ok
19:47:09.0328 1028        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:47:09.0453 1028        Disk - ok
19:47:09.0515 1028        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:47:09.0718 1028        dmboot - ok
19:47:09.0796 1028        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\DRIVERS\dmio.sys
19:47:09.0953 1028        dmio - ok
19:47:10.0062 1028        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:47:10.0218 1028        dmload - ok
19:47:10.0296 1028        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:47:10.0437 1028        DMusic - ok
19:47:10.0515 1028        dpti2o - ok
19:47:10.0578 1028        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:47:10.0703 1028        drmkaud - ok
19:47:10.0796 1028        ElbyCDFL        (2bb50c2cea07b36ee10309de8fd842d6) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
19:47:10.0796 1028        ElbyCDFL - ok
19:47:10.0859 1028        ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
19:47:10.0875 1028        ElbyCDIO - ok
19:47:10.0953 1028        exFat          (3ef58f2eae3aecab45d682152db2f67d) C:\WINDOWS\system32\drivers\exFat.sys
19:47:11.0000 1028        exFat ( UnsignedFile.Multi.Generic ) - warning
19:47:11.0000 1028        exFat - detected UnsignedFile.Multi.Generic (1)
19:47:11.0093 1028        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:47:11.0234 1028        Fastfat - ok
19:47:11.0312 1028        fasttx2k        (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
19:47:11.0359 1028        fasttx2k - ok
19:47:11.0421 1028        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:47:11.0578 1028        Fdc - ok
19:47:11.0656 1028        FiltUSBEMPIA    (b1a4e679f6d5aec1ecd8a9fce789a1e3) C:\WINDOWS\system32\DRIVERS\emFilter.sys
19:47:11.0734 1028        FiltUSBEMPIA ( UnsignedFile.Multi.Generic ) - warning
19:47:11.0734 1028        FiltUSBEMPIA - detected UnsignedFile.Multi.Generic (1)
19:47:11.0796 1028        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
19:47:11.0937 1028        Fips - ok
19:47:12.0015 1028        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:47:12.0171 1028        Flpydisk - ok
19:47:12.0250 1028        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:47:12.0406 1028        FltMgr - ok
19:47:12.0484 1028        FsUsbExDisk    (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
19:47:12.0515 1028        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
19:47:12.0515 1028        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
19:47:12.0593 1028        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:47:12.0718 1028        Fs_Rec - ok
19:47:12.0765 1028        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:47:12.0921 1028        Ftdisk - ok
19:47:13.0000 1028        gagp30kx        (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
19:47:13.0140 1028        gagp30kx - ok
19:47:13.0203 1028        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:47:13.0203 1028        GEARAspiWDM - ok
19:47:13.0265 1028        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:47:13.0406 1028        Gpc - ok
19:47:13.0515 1028        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:47:13.0640 1028        HidUsb - ok
19:47:13.0703 1028        hpn - ok
19:47:13.0765 1028        hpt3xx - ok
19:47:13.0859 1028        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:47:13.0937 1028        HTTP - ok
19:47:14.0000 1028        i2omgmt - ok
19:47:14.0046 1028        i2omp - ok
19:47:14.0109 1028        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:47:14.0234 1028        i8042prt - ok
19:47:14.0343 1028        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:47:14.0468 1028        Imapi - ok
19:47:14.0546 1028        ini910u - ok
19:47:14.0609 1028        IntelIde - ok
19:47:14.0671 1028        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:47:14.0843 1028        ip6fw - ok
19:47:14.0906 1028        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:47:15.0062 1028        IpFilterDriver - ok
19:47:15.0140 1028        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:47:15.0296 1028        IpInIp - ok
19:47:15.0359 1028        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:47:15.0500 1028        IpNat - ok
19:47:15.0578 1028        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:47:15.0734 1028        IPSec - ok
19:47:15.0828 1028        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:47:15.0921 1028        IRENUM - ok
19:47:16.0015 1028        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:47:16.0156 1028        isapnp - ok
19:47:16.0234 1028        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:47:16.0390 1028        Kbdclass - ok
19:47:16.0453 1028        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:47:16.0578 1028        kmixer - ok
19:47:16.0640 1028        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:47:16.0687 1028        KSecDD - ok
19:47:16.0796 1028        lbrtfdc - ok
19:47:16.0906 1028        Lower812        (5908875af2e526acba35a5eda2e70be5) C:\WINDOWS\system32\drivers\lower812.sys
19:47:16.0921 1028        Lower812 ( UnsignedFile.Multi.Generic ) - warning
19:47:16.0921 1028        Lower812 - detected UnsignedFile.Multi.Generic (1)
19:47:17.0046 1028        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
19:47:17.0062 1028        MBAMProtector - ok
19:47:17.0203 1028        MBAMSwissArmy - ok
19:47:17.0328 1028        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:47:17.0484 1028        mnmdd - ok
19:47:17.0640 1028        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
19:47:18.0109 1028        Modem - ok
19:47:18.0203 1028        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:47:18.0328 1028        Mouclass - ok
19:47:18.0406 1028        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:47:18.0531 1028        mouhid - ok
19:47:18.0593 1028        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:47:18.0750 1028        MountMgr - ok
19:47:18.0812 1028        mraid35x - ok
19:47:18.0906 1028        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:47:19.0078 1028        MRxDAV - ok
19:47:19.0156 1028        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:47:19.0437 1028        MRxSmb - ok
19:47:19.0546 1028        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:47:19.0703 1028        Msfs - ok
19:47:19.0781 1028        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:47:19.0921 1028        MSKSSRV - ok
19:47:20.0000 1028        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:47:20.0140 1028        MSPCLOCK - ok
19:47:20.0218 1028        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:47:20.0390 1028        MSPQM - ok
19:47:20.0453 1028        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:47:20.0578 1028        mssmbios - ok
19:47:20.0640 1028        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:47:20.0796 1028        MSTEE - ok
19:47:20.0875 1028        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:47:20.0890 1028        Mup - ok
19:47:20.0953 1028        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:47:21.0109 1028        NABTSFEC - ok
19:47:21.0203 1028        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:47:21.0328 1028        NDIS - ok
19:47:21.0390 1028        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:47:21.0562 1028        NdisIP - ok
19:47:21.0625 1028        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:47:21.0656 1028        NdisTapi - ok
19:47:21.0703 1028        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:47:21.0843 1028        Ndisuio - ok
19:47:21.0906 1028        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:47:22.0062 1028        NdisWan - ok
19:47:22.0140 1028        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:47:22.0187 1028        NDProxy - ok
19:47:22.0265 1028        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:47:22.0375 1028        NetBIOS - ok
19:47:22.0546 1028        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:47:22.0718 1028        NetBT - ok
19:47:22.0843 1028        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:47:22.0984 1028        NIC1394 - ok
19:47:23.0078 1028        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:47:23.0234 1028        Npfs - ok
19:47:23.0296 1028        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:47:23.0453 1028        Ntfs - ok
19:47:23.0578 1028        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:47:23.0687 1028        Null - ok
19:47:24.0859 1028        nv              (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:47:26.0546 1028        nv - ok
19:47:26.0796 1028        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:47:26.0921 1028        NwlnkFlt - ok
19:47:26.0984 1028        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:47:27.0109 1028        NwlnkFwd - ok
19:47:27.0187 1028        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:47:27.0343 1028        ohci1394 - ok
19:47:27.0437 1028        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
19:47:27.0593 1028        Parport - ok
19:47:27.0640 1028        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:47:27.0781 1028        PartMgr - ok
19:47:27.0859 1028        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:47:27.0984 1028        ParVdm - ok
19:47:28.0046 1028        pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:47:28.0468 1028        pccsmcfd - ok
19:47:28.0625 1028        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
19:47:28.0765 1028        PCI - ok
19:47:28.0812 1028        PCIDump - ok
19:47:28.0859 1028        PCIIde - ok
19:47:28.0937 1028        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:47:29.0093 1028        Pcmcia - ok
19:47:29.0187 1028        PCTCore        (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys
19:47:29.0218 1028        PCTCore - ok
19:47:29.0281 1028        pctDS          (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
19:47:29.0312 1028        pctDS - ok
19:47:29.0359 1028        PDCOMP - ok
19:47:29.0421 1028        PDFRAME - ok
19:47:29.0468 1028        PDRELI - ok
19:47:29.0531 1028        PDRFRAME - ok
19:47:29.0578 1028        perc2 - ok
19:47:29.0625 1028        perc2hib - ok
19:47:29.0796 1028        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:47:29.0937 1028        PptpMiniport - ok
19:47:30.0000 1028        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
19:47:30.0125 1028        Processor - ok
19:47:30.0218 1028        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:47:30.0343 1028        PSched - ok
19:47:30.0421 1028        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:47:30.0546 1028        Ptilink - ok
19:47:30.0593 1028        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:47:30.0609 1028        PxHelp20 - ok
19:47:30.0656 1028        ql1080 - ok
19:47:30.0703 1028        Ql10wnt - ok
19:47:30.0750 1028        ql12160 - ok
19:47:30.0812 1028        ql1240 - ok
19:47:30.0859 1028        ql1280 - ok
19:47:30.0937 1028        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:47:31.0078 1028        RasAcd - ok
19:47:31.0171 1028        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:47:31.0312 1028        Rasl2tp - ok
19:47:31.0375 1028        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:47:31.0500 1028        RasPppoe - ok
19:47:31.0562 1028        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:47:31.0687 1028        Raspti - ok
19:47:31.0750 1028        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:47:31.0890 1028        Rdbss - ok
19:47:31.0968 1028        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:47:32.0093 1028        RDPCDD - ok
19:47:32.0171 1028        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:47:32.0312 1028        rdpdr - ok
19:47:32.0390 1028        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:47:32.0453 1028        RDPWD - ok
19:47:32.0546 1028        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:47:32.0671 1028        redbook - ok
19:47:32.0812 1028        SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
19:47:32.0828 1028        SASDIFSV - ok
19:47:32.0859 1028        SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
19:47:32.0875 1028        SASKUTIL - ok
19:47:32.0937 1028        ScanUSBEMPIA    (f3cd3709919a453ac84c290dceeb767c) C:\WINDOWS\system32\DRIVERS\emScan.sys
19:47:32.0984 1028        ScanUSBEMPIA ( UnsignedFile.Multi.Generic ) - warning
19:47:32.0984 1028        ScanUSBEMPIA - detected UnsignedFile.Multi.Generic (1)
19:47:33.0078 1028        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:47:33.0171 1028        Secdrv - ok
19:47:33.0265 1028        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:47:33.0390 1028        serenum - ok
19:47:33.0453 1028        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
19:47:33.0593 1028        Serial - ok
19:47:33.0703 1028        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:47:33.0843 1028        Sfloppy - ok
19:47:33.0921 1028        Simbad - ok
19:47:33.0984 1028        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:47:34.0125 1028        SLIP - ok
19:47:34.0218 1028        Sparrow - ok
19:47:34.0281 1028        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:47:34.0406 1028        splitter - ok
19:47:34.0515 1028        sptd            (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\System32\Drivers\sptd.sys
19:47:34.0625 1028        sptd - ok
19:47:34.0687 1028        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:47:34.0750 1028        sr - ok
19:47:34.0812 1028        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:47:34.0906 1028        Srv - ok
19:47:34.0968 1028        ssadbus        (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
19:47:35.0000 1028        ssadbus - ok
19:47:35.0078 1028        ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
19:47:35.0125 1028        ssadmdfl - ok
19:47:35.0234 1028        ssadmdm        (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
19:47:35.0328 1028        ssadmdm - ok
19:47:35.0406 1028        sscdbus        (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
19:47:35.0453 1028        sscdbus - ok
19:47:35.0531 1028        sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
19:47:35.0562 1028        sscdmdfl - ok
19:47:35.0640 1028        sscdmdm        (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
19:47:35.0687 1028        sscdmdm - ok
19:47:35.0781 1028        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:47:35.0781 1028        ssmdrv - ok
19:47:35.0875 1028        StarOpen        (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
19:47:35.0890 1028        StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:47:35.0890 1028        StarOpen - detected UnsignedFile.Multi.Generic (1)
19:47:35.0984 1028        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:47:36.0140 1028        streamip - ok
19:47:36.0171 1028        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:47:36.0328 1028        swenum - ok
19:47:36.0390 1028        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:47:36.0515 1028        swmidi - ok
19:47:36.0578 1028        symc810 - ok
19:47:36.0640 1028        symc8xx - ok
19:47:36.0687 1028        sym_hi - ok
19:47:36.0734 1028        sym_u3 - ok
19:47:36.0796 1028        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:47:36.0937 1028        sysaudio - ok
19:47:37.0015 1028        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:47:37.0109 1028        Tcpip - ok
19:47:37.0187 1028        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:47:37.0312 1028        TDPIPE - ok
19:47:37.0390 1028        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:47:37.0531 1028        TDTCP - ok
19:47:37.0609 1028        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:47:37.0734 1028        TermDD - ok
19:47:37.0828 1028        TosIde - ok
19:47:37.0921 1028        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:47:38.0046 1028        Udfs - ok
19:47:38.0140 1028        ultra - ok
19:47:38.0218 1028        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:47:38.0390 1028        Update - ok
19:47:38.0484 1028        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:47:38.0609 1028        usbaudio - ok
19:47:38.0687 1028        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:47:38.0812 1028        usbccgp - ok
19:47:38.0859 1028        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:47:38.0984 1028        usbehci - ok
19:47:39.0046 1028        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:47:39.0203 1028        usbhub - ok
19:47:39.0265 1028        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:47:39.0421 1028        usbprint - ok
19:47:39.0484 1028        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:47:39.0640 1028        usbscan - ok
19:47:39.0687 1028        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:47:39.0828 1028        USBSTOR - ok
19:47:39.0906 1028        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:47:40.0015 1028        usbuhci - ok
19:47:40.0078 1028        usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:47:40.0218 1028        usb_rndisx - ok
19:47:40.0281 1028        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:47:40.0390 1028        VgaSave - ok
19:47:40.0625 1028        viaagp1        (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
19:47:40.0671 1028        viaagp1 - ok
19:47:40.0750 1028        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:47:40.0859 1028        ViaIde - ok
19:47:40.0906 1028        viasraid        (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\DRIVERS\viasraid.sys
19:47:40.0968 1028        viasraid - ok
19:47:41.0046 1028        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
19:47:41.0187 1028        VolSnap - ok
19:47:41.0265 1028        vpnva          (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys
19:47:41.0281 1028        vpnva - ok
19:47:41.0406 1028        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:47:41.0531 1028        Wanarp - ok
19:47:41.0609 1028        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:47:41.0671 1028        Wdf01000 - ok
19:47:41.0703 1028        WDICA - ok
19:47:41.0781 1028        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:47:41.0937 1028        wdmaud - ok
19:47:42.0062 1028        WinUSB          (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
19:47:42.0109 1028        WinUSB - ok
19:47:42.0250 1028        WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:47:42.0312 1028        WpdUsb - ok
19:47:42.0375 1028        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:47:42.0500 1028        WS2IFSL - ok
19:47:42.0609 1028        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:47:42.0765 1028        WSTCODEC - ok
19:47:42.0843 1028        WudfPf          (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:47:42.0890 1028        WudfPf - ok
19:47:42.0953 1028        WudfRd          (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:47:43.0015 1028        WudfRd - ok
19:47:43.0109 1028        yukonwxp        (7d1def979b4e536e12882ee84f7c719a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
19:47:43.0156 1028        yukonwxp - ok
19:47:43.0250 1028        yukonx86        (26ba6284869bebc19990fc0c1df7b9a7) C:\WINDOWS\system32\DRIVERS\yukonx86.sys
19:47:43.0296 1028        yukonx86 ( UnsignedFile.Multi.Generic ) - warning
19:47:43.0296 1028        yukonx86 - detected UnsignedFile.Multi.Generic (1)
19:47:43.0375 1028        zumbus          (6bfb54f73aae470e9299e66cbc7bb632) C:\WINDOWS\system32\DRIVERS\zumbus.sys
19:47:43.0531 1028        zumbus - ok
19:47:43.0703 1028        {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Programme\CyberLink\PowerDVD\000.fcl
19:47:43.0703 1028        {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
19:47:43.0781 1028        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:47:44.0140 1028        \Device\Harddisk0\DR0 - ok
19:47:44.0156 1028        Boot (0x1200)  (c44b968eaed177484c00f52c913dc1f3) \Device\Harddisk0\DR0\Partition0
19:47:44.0156 1028        \Device\Harddisk0\DR0\Partition0 - ok
19:47:44.0203 1028        Boot (0x1200)  (525de444e7df608610aa8024ef1ab4f2) \Device\Harddisk0\DR0\Partition1
19:47:44.0203 1028        \Device\Harddisk0\DR0\Partition1 - ok
19:47:44.0218 1028        ============================================================
19:47:44.0218 1028        Scan finished
19:47:44.0218 1028        ============================================================
19:47:44.0359 3096        Detected object count: 11
19:47:44.0359 3096        Actual detected object count: 11
19:49:11.0984 3096        ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:11.0984 3096        ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:11.0984 3096        AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:11.0984 3096        AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:11.0984 3096        DCamUSBEMPIA ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:11.0984 3096        DCamUSBEMPIA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:11.0984 3096        DCamUSBNW812 ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:11.0984 3096        DCamUSBNW812 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:11.0984 3096        exFat ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:11.0984 3096        exFat ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:11.0984 3096        FiltUSBEMPIA ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:11.0984 3096        FiltUSBEMPIA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:12.0000 3096        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:12.0000 3096        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:12.0000 3096        Lower812 ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:12.0000 3096        Lower812 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:12.0015 3096        ScanUSBEMPIA ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:12.0015 3096        ScanUSBEMPIA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:12.0015 3096        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:12.0015 3096        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:12.0031 3096        yukonx86 ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:12.0031 3096        yukonx86 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 30.11.2011 21:52

OK. Now please run CF properly according to these instructions:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

haslo 30.11.2011 22:34

Unfortunately CF did not run as hoped. I started the tool according to your instructions. While the tool was running, I don't know exactly at what point, a bluescreen appeared. It said something like:

Quote:

Physisches Speicherabbild wird erstellt
STOP: 0x0000007F
The PC restarted; unfortunately there is no log file. The only thing present on C: is a folder "ComboFix", which is 40 MB in size but behaves like My Computer (Arbeitsplatz). That is, when I try to open it, I simply end up in My Computer.

In the Event Viewer under System I also found the following:

Quote:

System Error
Kategorie: 102
Ereigniskennung: 1003

Fehlercode 1000007f, 1. Parameter 00000008, 2. Parameter 80042000, 3. Parameter 00000000,
4. Parameter 00000000.

cosinus 01.12.2011 10:25

Restart Windows, delete the old combofix.exe, download CF again and please try once more.

haslo 01.12.2011 16:32

Exactly the same behaviour. It completed Stufe_50, then "lösche Dateien" (deleting files) appeared and it crashed right away.

cosinus 02.12.2011 11:39

Then please try again in Safe Mode.

haslo 03.12.2011 11:06

It worked in Safe Mode:

Code:

ComboFix 11-12-01.01 - User 03.12.2011  10:23:15.4.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1023.745 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\playercachelines.tmp
c:\dokumente und einstellungen\All Users\Anwendungsdaten\sortedcards.tmp
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{2B55AF83-017A-4C81-9324-D9D3255642A6}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\dokumente und einstellungen\User\WINDOWS
c:\windows\CSC\d6
c:\windows\system32\CddbCdda.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
c:\windows\system32\tmp.reg
c:\windows\system32\usmt\migwiz_a.exe
c:\windows\system32\winlogon.bak
c:\windows\XSxS
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-03 bis 2011-12-03  ))))))))))))))))))))))))))))))
.
.
2011-12-01 22:45 . 2011-12-01 22:45        --------        d-----w-        c:\dokumente und einstellungen\User\.eclipse
2011-11-29 18:02 . 2011-11-29 18:02        --------        d-----w-        C:\_OTL
2011-11-27 21:03 . 2011-11-27 21:04        --------        d-----w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google
2011-11-27 21:03 . 2011-11-27 21:03        --------        d-----w-        c:\programme\Google
2011-11-27 10:29 . 2011-11-27 10:29        --------        d-----w-        c:\dokumente und einstellungen\UpdatusUser
2011-11-27 10:29 . 2011-11-27 10:29        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA
2011-11-27 10:27 . 2011-10-08 04:50        602432        ----a-w-        c:\windows\system32\easyupdatusapiu.dll
2011-11-27 10:19 . 2011-08-16 10:45        6144        -c----w-        c:\windows\system32\dllcache\iecompat.dll
2011-11-27 10:18 . 2003-07-02 03:42        27904        ----a-w-        c:\windows\system32\drivers\VIAAGP1.SYS
2011-11-27 10:17 . 2011-08-22 23:41        12800        -c----w-        c:\windows\system32\dllcache\xpshims.dll
2011-11-27 10:17 . 2011-08-22 23:41        602112        -c----w-        c:\windows\system32\dllcache\msfeeds.dll
2011-11-27 10:17 . 2011-08-22 23:41        55296        -c----w-        c:\windows\system32\dllcache\msfeedsbs.dll
2011-11-27 10:17 . 2011-08-22 23:41        2000384        -c----w-        c:\windows\system32\dllcache\iertutil.dll
2011-11-27 10:17 . 2011-08-22 23:41        247808        -c----w-        c:\windows\system32\dllcache\ieproxy.dll
2011-11-27 10:17 . 2011-08-23 16:41        11081728        -c----w-        c:\windows\system32\dllcache\ieframe.dll
2011-11-27 10:17 . 2011-08-22 23:41        743424        -c----w-        c:\windows\system32\dllcache\iedvtool.dll
2011-11-27 09:59 . 2011-11-27 09:59        --------        d-----w-        c:\programme\SystemRequirementsLab
2011-11-27 08:58 . 2008-06-14 17:32        273024        -c----w-        c:\windows\system32\dllcache\bthport.sys
2011-11-27 08:58 . 2010-06-14 14:31        744448        -c----w-        c:\windows\system32\dllcache\helpsvc.exe
2011-11-27 08:57 . 2010-11-02 15:17        40960        -c----w-        c:\windows\system32\dllcache\ndproxy.sys
2011-11-27 08:57 . 2010-08-27 08:01        119808        -c----w-        c:\windows\system32\dllcache\t2embed.dll
2011-11-27 08:57 . 2009-10-15 16:28        81920        -c----w-        c:\windows\system32\dllcache\fontsub.dll
2011-11-27 08:57 . 2009-02-06 10:10        227840        -c----w-        c:\windows\system32\dllcache\wmiprvse.exe
2011-11-27 08:57 . 2009-03-06 14:19        286720        -c----w-        c:\windows\system32\dllcache\pdh.dll
2011-11-27 08:57 . 2009-02-09 11:21        111104        -c----w-        c:\windows\system32\dllcache\services.exe
2011-11-27 08:57 . 2009-02-09 10:51        401408        -c----w-        c:\windows\system32\dllcache\rpcss.dll
2011-11-27 08:57 . 2009-02-09 10:51        473600        -c----w-        c:\windows\system32\dllcache\fastprox.dll
2011-11-27 08:57 . 2009-02-06 10:39        35328        -c----w-        c:\windows\system32\dllcache\sc.exe
2011-11-27 08:57 . 2009-02-09 10:51        453120        -c----w-        c:\windows\system32\dllcache\wmiprvsd.dll
2011-11-27 08:57 . 2009-06-21 21:45        153088        -c----w-        c:\windows\system32\dllcache\triedit.dll
2011-11-27 08:56 . 2011-04-21 13:37        105472        -c----w-        c:\windows\system32\dllcache\mup.sys
2011-11-27 08:56 . 2010-06-14 07:41        1172480        -c----w-        c:\windows\system32\dllcache\msxml3.dll
2011-11-27 08:56 . 2008-05-08 14:02        203136        -c----w-        c:\windows\system32\dllcache\rmcast.sys
2011-11-27 08:55 . 2010-06-18 13:36        3558912        -c----w-        c:\windows\system32\dllcache\moviemk.exe
2011-11-26 13:09 . 2008-04-14 11:00        24661        ----a-w-        c:\windows\system32\spxcoins.dll
2011-11-26 13:09 . 2008-04-14 11:00        13824        ----a-w-        c:\windows\system32\irclass.dll
2011-11-26 12:35 . 2011-11-26 12:35        --------        d-----w-        c:\windows\NLDRV
2011-11-26 10:25 . 2011-11-26 10:25        1571840        ----a-w-        c:\windows\system32\sfcfiles.dll
2011-11-26 10:25 . 2011-11-26 10:25        1005056        ----a-w-        c:\windows\system32\syssetup.dll
2011-11-26 10:25 . 2003-08-06 10:43        159744        ----a-w-        c:\windows\system32\drivers\Fasttx2k.sys
2011-11-23 16:26 . 2011-11-23 16:26        --------        d-----w-        c:\programme\ESET
2011-11-10 21:04 . 2011-12-01 18:18        --------        d-----w-        c:\programme\eclipse-jee-indigo-SR1-win32
2011-11-07 15:47 . 2011-11-07 15:47        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Boss Media
2011-11-07 15:47 . 2011-11-07 15:47        --------        d-----w-        c:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Boss Media
2011-11-07 15:46 . 2011-11-07 15:48        --------        d-----w-        c:\programme\Poker Heaven
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 09:10 . 2008-04-14 11:00        513024        ----a-w-        c:\windows\system32\winlogon.exe
2011-10-10 14:22 . 2007-02-09 10:07        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2010-11-14 20:51        65536        ----a-w-        c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-11-14 20:51        919872        ----a-w-        c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2010-11-14 20:51        877376        ----a-w-        c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2010-11-14 20:51        2398016        ----a-w-        c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-11-14 20:51        2099520        ----a-w-        c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-11-14 20:51        17240064        ----a-w-        c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2010-10-16 11:05        54272        ----a-w-        c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2010-10-16 11:05        335872        ----a-w-        c:\windows\system32\nvrsar.dll
2011-10-08 04:50 . 2010-10-16 11:05        331776        ----a-w-        c:\windows\system32\nvrshe.dll
2011-10-08 04:50 . 2010-10-16 11:05        286720        ----a-w-        c:\windows\system32\nvrsfr.dll
2011-10-08 04:50 . 2010-10-16 11:05        282624        ----a-w-        c:\windows\system32\nvrses.dll
2011-10-08 04:50 . 2010-10-16 11:05        282624        ----a-w-        c:\windows\system32\nvrsel.dll
2011-10-08 04:50 . 2010-10-16 11:05        278528        ----a-w-        c:\windows\system32\nvrsde.dll
2011-10-08 04:50 . 2010-10-16 11:05        274432        ----a-w-        c:\windows\system32\nvrsnl.dll
2011-10-08 04:50 . 2010-10-16 11:05        274432        ----a-w-        c:\windows\system32\nvrsesm.dll
2011-10-08 04:50 . 2010-10-16 11:05        270336        ----a-w-        c:\windows\system32\nvrsru.dll
2011-10-08 04:50 . 2010-10-16 11:05        270336        ----a-w-        c:\windows\system32\nvrsptb.dll
2011-10-08 04:50 . 2010-10-16 11:05        266240        ----a-w-        c:\windows\system32\nvrsko.dll
2011-10-08 04:50 . 2010-10-16 11:05        262144        ----a-w-        c:\windows\system32\nvrshu.dll
2011-10-08 04:50 . 2010-10-16 11:05        258048        ----a-w-        c:\windows\system32\nvrstr.dll
2011-10-08 04:50 . 2010-10-16 11:05        258048        ----a-w-        c:\windows\system32\nvrssl.dll
2011-10-08 04:50 . 2010-10-16 11:05        258048        ----a-w-        c:\windows\system32\nvrssk.dll
2011-10-08 04:50 . 2010-10-16 11:05        253952        ----a-w-        c:\windows\system32\nvrsth.dll
2011-10-08 04:50 . 2010-10-16 11:05        253952        ----a-w-        c:\windows\system32\nvrssv.dll
2011-10-08 04:50 . 2010-10-16 11:05        253952        ----a-w-        c:\windows\system32\nvrsda.dll
2011-10-08 04:50 . 2010-10-16 11:05        249856        ----a-w-        c:\windows\system32\nvrsfi.dll
2011-10-08 04:50 . 2010-10-16 11:05        249856        ----a-w-        c:\windows\system32\nvrseng.dll
2011-10-08 04:50 . 2010-10-16 11:05        249856        ----a-w-        c:\windows\system32\nvrscs.dll
2011-10-08 04:50 . 2010-10-16 11:05        229376        ----a-w-        c:\windows\system32\nvrszhc.dll
2011-10-08 04:50 . 2010-10-16 11:05        126976        ----a-w-        c:\windows\system32\nvrszht.dll
2011-10-08 04:50 . 2010-10-16 11:05        298304        ----a-w-        c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2010-10-16 11:05        282624        ----a-w-        c:\windows\system32\nvrsit.dll
2011-10-08 04:50 . 2010-10-16 11:05        274432        ----a-w-        c:\windows\system32\nvrspt.dll
2011-10-08 04:50 . 2010-10-16 11:05        270336        ----a-w-        c:\windows\system32\nvrsja.dll
2011-10-08 04:50 . 2010-10-16 11:05        258048        ----a-w-        c:\windows\system32\nvrspl.dll
2011-10-08 04:50 . 2010-10-16 11:05        253952        ----a-w-        c:\windows\system32\nvrsno.dll
2011-10-08 04:50 . 2010-10-16 11:05        220992        ----a-w-        c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2010-10-16 11:05        203072        ----a-w-        c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2010-10-16 11:05        16744256        ----a-w-        c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2008-05-16 12:01        5595136        ----a-w-        c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2008-05-16 12:01        2449408        ----a-w-        c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2005-04-01 15:16        4226688        ----a-w-        c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2005-04-01 15:16        17956864        ----a-w-        c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2005-04-01 15:16        12791488        ----a-w-        c:\windows\system32\drivers\nv4_mini.sys
2011-10-06 12:45 . 2011-06-03 08:20        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2008-04-14 11:00        604160        ----a-w-        c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 17:59        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2008-04-14 11:00        23040        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2008-04-14 11:00        220160        ----a-w-        c:\windows\system32\oleacc.dll
2011-09-18 06:39 . 2011-10-06 22:23        134344        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-09-15 21:55 . 2011-10-06 22:23        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-09-15 21:55 . 2011-10-06 22:23        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-09-06 14:10 . 2008-04-14 11:00        1859072        ----a-w-        c:\windows\system32\win32k.sys
2011-11-09 15:50 . 2011-07-21 21:26        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-27 . 63F596358D91E0DE887E3D031CCCF5C6 . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2011-11-26 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\User\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\User\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\User\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\User\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWNTOOLBOX"="c:\programme\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-21 327680]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"SoundMan"="SOUNDMAN.EXE" [2005-02-02 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\programme\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
c:\dokumente und einstellungen\User\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\User\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
VIA RAID TOOL.lnk - c:\programme\VIA\RAID\raid_tool.exe [2007-11-11 565248]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21        548352        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^User^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\User\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\RVG Software\\Holdem Manager\\HoldemManager.exe"=
"c:\\Programme\\RVG Software\\Holdem Manager\\HMHud.exe"=
"c:\\Programme\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\PokerStrategy.com\\PokerStrategy.com Equilator\\Equilator.exe"=
"c:\\Programme\\Zattoo\\zattood.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Hewlett-Packard\\hp business inkjet 1200 series\\Toolbox\\HPWNTBX.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Dokumente und Einstellungen\\User\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5432:TCP"= 5432:TCP:postgres
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [04.08.2010 23:06 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [28.02.2011 23:37 338880]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [10.02.2007 23:34 77312]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [06.10.2011 23:23 36000]
S1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
S1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.10.2011 23:23 86224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [31.10.2010 01:28 217088]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [27.11.2011 22:03 136176]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [01.03.2011 00:22 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [27.11.2011 11:29 2253120]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\programme\PostgreSQL\8.3\data\" --> c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [06.05.2010 02:59 583360]
S3 B-Service;B-Service;c:\dokumente und einstellungen\User\Anwendungsdaten\Mikogo\B-Service.exe [28.05.2009 12:56 185640]
S3 Clisrvpb0-0;Clisrvpb0-0; [x]
S3 DCamUSBNW812;NW812 USB PC Camera;c:\windows\system32\drivers\pcam812.sys [10.02.2007 23:41 182380]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [06.02.2011 22:10 20032]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [31.10.2010 01:28 36640]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [27.11.2011 22:03 136176]
S3 Lower812;812 audio lower filter;c:\windows\system32\drivers\lower812.sys [10.02.2007 23:41 9808]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01.03.2011 00:22 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [28.02.2011 23:36 366840]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [07.08.2011 21:50 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [07.08.2011 21:50 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [07.08.2011 21:50 136808]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [10.02.2007 23:24 176256]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.02.2007 16:21 646392]
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-11-27 21:03]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-11-27 21:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\User\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: recon.ch\owa
Trusted Zone: unijob.ch\citrix
TCP: DhcpNameServer = 192.168.1.254
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\or1jorif.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.ch
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SAMSUNG CDMA Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programme\DivX\DivXCodecUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\programme\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-03 10:31
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programme\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(480)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
Zeit der Fertigstellung: 2011-12-03  10:34:09
ComboFix-quarantined-files.txt  2011-12-03 09:34
.
Vor Suchlauf: 560'312'320 Bytes frei
Nach Suchlauf: 679'026'688 Bytes frei
.
- - End Of File - - 25294B615552B8F09C6502DD6A1FBA08


cosinus 03.12.2011 14:36

OK, continue in normal mode again.
Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


haslo 04.12.2011 16:51

GMER only worked in safe mode. Here is the log:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-04 03:01:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 Promise_ rev.1.10
Running: bepcft2h.exe; Driver: C:\DOKUME~1\user\LOKALE~1\Temp\uxdiapod.sys


---- System - GMER 1.0.15 ----

SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwCreateKey [0xF76DF6E6]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwCreateProcess [0xF76BDF68]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwCreateProcessEx [0xF76BE230]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwDeleteKey [0xF76E00A0]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwDeleteValueKey [0xF76E042A]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwOpenKey [0xF76DE924]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwRenameKey [0xF76E096E]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwSetValueKey [0xF76DFAA4]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                                      ZwTerminateProcess [0xF76BD9D8]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x07 0x72 0xF1 0x70 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x44 0xB3 0x5D 0x30 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xF1 0x16 0x52 0xA7 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x07 0x72 0xF1 0x70 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x44 0xB3 0x5D 0x30 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xF1 0x16 0x52 0xA7 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x07 0x72 0xF1 0x70 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x44 0xB3 0x5D 0x30 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB0 0x77 0x5C 0xEA ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x07 0x72 0xF1 0x70 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x44 0xB3 0x5D 0x30 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xF1 0x16 0x52 0xA7 ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x07 0x72 0xF1 0x70 ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x44 0xB3 0x5D 0x30 ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xF1 0x16 0x52 0xA7 ...

---- EOF - GMER 1.0.15 ----

Here is the OSAM log as well:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:36:17 on 04.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - C:\WINDOWS\system32\ALSNDMGR.CPL  (File found, but it contains no detailed information)
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"812 audio lower filter" (Lower812) - "Divio Inc." - C:\WINDOWS\System32\drivers\lower812.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Clisrvpb0-0" (Clisrvpb0-0) - ? - C:\WINDOWS\system32\drivers\Clisrvpb0-0.sys  (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\WINDOWS\System32\drivers\dgderdrv.sys
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)
"NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter" (yukonx86) - "Marvell Semiconductor Inc." - C:\WINDOWS\System32\DRIVERS\yukonx86.sys
"NW812 USB PC Camera" (DCamUSBNW812) - "Divio Inc." - C:\WINDOWS\System32\DRIVERS\pcam812.sys
"PC Tools Data Store" (pctDS) - "PC Tools" - C:\WINDOWS\System32\drivers\pctDS.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"USB Device Lower Filter" (FiltUSBEMPIA) - "eMPIA Technology Inc." - C:\WINDOWS\System32\DRIVERS\emFilter.sys
"USB Still Image Capture Device" (ScanUSBEMPIA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emScan.sys
"VIJE Talk 2.0 Pro" (DCamUSBEMPIA) - "eMPIA Technology, Inc." - C:\WINDOWS\System32\DRIVERS\emDevice.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"Wireless LAN Adapter" (AR5211) - ? - C:\WINDOWS\System32\DRIVERS\ar5211.sys
"{95808DC4-FA4A-4c74-92FE-5B863F82066B}" ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Programme\CyberLink\PowerDVD\000.fcl

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\phonebrowser.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{27622C82-C54A-401B-AA92-13070E7BB19C} "ShellPlus test context menu" - ? - C:\PROGRA~1\AUDIOC~1\menu.dll  (File found, but it contains no detailed information)
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Programme\Gemeinsame Dateien\TortoiseOverlays\TortoiseOverlays.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRar\rarext.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Cool Hand Poker" - "Microgaming" - C:\MicroGaming\Poker\coolhandMPP\MPPoker.exe
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
55963676-2F5E-4BAF-AC28-CF26AA587566 "55963676-2F5E-4BAF-AC28-CF26AA587566" - ? -  (File not found | COM-object registry key not found) / vpnweb.cab
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.4.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
"ICQ6" - "ICQ, Inc." - C:\Programme\ICQ6\ICQ.exe
"PartyPoker.com" - ? - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
"PokerStars" - "PokerStars" - C:\Programme\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
"Titan Poker" - ? - C:\Poker\Titan Poker\casino.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"VIA RAID TOOL.lnk" - "VIA Technologies" - C:\Programme\VIA\RAID\raid_tool.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\User\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"HPWNTOOLBOX" - "Hewlett-Packard Company" - C:\Programme\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nwiz.exe /installquiet
"SoundMan" - "Realtek Semiconductor Corp." - SOUNDMAN.EXE

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"B-Service" (B-Service) - ? - C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mikogo\B-Service.exe  (File found, but it contains no detailed information)
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"CLCV0" (UTSCSI) - ? - C:\WINDOWS\system32\UTSCSI.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe
"PostgreSQL Database Server 8.3" (pgsql-8.3) - "PostgreSQL Global Development Group" - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Zune Bus Enumerator" (ZuneBusEnum) - "Microsoft Corporation" - C:\WINDOWS\system32\ZuneBusEnum.exe
"Zune Network Sharing Service" (ZuneNetworkSvc) - "Microsoft Corporation" - C:\Programme\Microsoft\Zune\ZuneNss.exe
"Zune Wireless Configuration Service" (ZuneWlanCfgSvc) - "Microsoft Corporation" - C:\WINDOWS\system32\ZuneWlanCfgSvc.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and finally the aswMBR.txt:
Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 13:43:12
-----------------------------
13:43:12.751    OS Version: Windows 5.1.2600 Service Pack 3
13:43:12.751    Number of processors: 1 586 0x1F00
13:43:12.751    ComputerName: PCXXXXX  UserName:
13:43:13.205    Initialize success
13:53:13.126    AVAST engine defs: 11120400
14:14:15.001    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0
14:14:15.001    Disk 0 Vendor: Promise_ 1.10 Size: 388961MB BusType: 1
14:14:15.001    Device \Driver\fasttx2k -> DriverStartIo SCSIPORT.SYS f740240e
14:14:15.017    Disk 0 MBR read successfully
14:14:15.017    Disk 0 MBR scan
14:14:15.064    Disk 0 Windows XP default MBR code
14:14:15.064    Disk 0 scanning sectors +796583025
14:14:15.205    Disk 0 scanning C:\WINDOWS\system32\drivers
14:14:32.876    Service scanning
14:14:33.955    Modules scanning
14:14:39.658    Disk 0 trace - called modules:
14:14:39.658    ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll fasttx2k.sys
14:14:39.658    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8676cab8]
14:14:40.173    3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0[0x86745a38]
14:14:40.658    AVAST engine scan C:\WINDOWS
14:15:07.392    AVAST engine scan C:\WINDOWS\system32
14:18:08.845    AVAST engine scan C:\WINDOWS\system32\drivers
14:18:29.345    AVAST engine scan C:\Dokumente und Einstellungen\User
14:25:12.126    AVAST engine scan C:\Dokumente und Einstellungen\All Users
14:28:40.986    Scan finished successfully
14:55:35.095    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\User\Desktop\MBR.dat"
14:55:35.126    The log file has been saved successfully to "C:\Dokumente und Einstellungen\User\Desktop\aswMBR.txt"


cosinus 04.12.2011 19:26

Looks ok. Please run full scans with Malwarebytes and SASW as a check and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion via the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable the "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


haslo 05.12.2011 23:04

Here is the Malwarebytes log. The rest will follow tomorrow:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8316

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.12.2011 23:02:58
mbam-log-2011-12-05 (23-02-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 468741
Laufzeit: 2 Stunde(n), 15 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770 (PUP.Casino) -> Not selected for removal.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Poker\poker 770\_setupcasino_215b37.exe (PUP.Casino) -> Not selected for removal.
c:\system volume information\_restore{725406ef-36e8-4491-b9c1-feec8c3500ae}\RP7\A0005863.dll (Hacktool) -> Quarantined and deleted successfully.




Copyright ©2000-2025, Trojaner-Board

