Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Systemfix removed - PC clean again? (https://www.trojaner-board.de/105854-systemfix-entfernt-pc-sauber.html)

cosinus 08.12.2011 21:07

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on Change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents / My Documents, or if shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Download unhide.exe and save the file to your desktop.
Start the tool; all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

issus 08.12.2011 21:15

Good evening Arne,

The TDSSKiller log:
Code:

21:10:46.0921 4676        TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
21:10:47.0218 4676        ============================================================
21:10:47.0218 4676        Current date / time: 2011/12/08 21:10:47.0218
21:10:47.0218 4676        SystemInfo:
21:10:47.0218 4676       
21:10:47.0218 4676        OS Version: 5.1.2600 ServicePack: 3.0
21:10:47.0218 4676        Product type: Workstation
21:10:47.0218 4676        ComputerName: MAIN
21:10:47.0218 4676        UserName: Kunde
21:10:47.0218 4676        Windows directory: C:\WINDOWS
21:10:47.0218 4676        System windows directory: C:\WINDOWS
21:10:47.0218 4676        Processor architecture: Intel x86
21:10:47.0218 4676        Number of processors: 2
21:10:47.0218 4676        Page size: 0x1000
21:10:47.0218 4676        Boot type: Normal boot
21:10:47.0218 4676        ============================================================
21:10:48.0437 4676        Initialize success
21:10:59.0781 4252        ============================================================
21:10:59.0781 4252        Scan started
21:10:59.0781 4252        Mode: Manual; SigCheck; TDLFS;
21:10:59.0781 4252        ============================================================
21:11:00.0500 4252        Abiosdsk - ok
21:11:00.0531 4252        abp480n5 - ok
21:11:00.0578 4252        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:11:01.0093 4252        ACPI - ok
21:11:01.0109 4252        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:11:01.0187 4252        ACPIEC - ok
21:11:01.0203 4252        adpu160m - ok
21:11:01.0234 4252        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:11:01.0312 4252        aec - ok
21:11:01.0343 4252        AFD            (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
21:11:01.0359 4252        AFD - ok
21:11:01.0375 4252        Aha154x - ok
21:11:01.0375 4252        aic78u2 - ok
21:11:01.0390 4252        aic78xx - ok
21:11:01.0406 4252        AliIde - ok
21:11:01.0453 4252        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:11:01.0546 4252        Ambfilt - ok
21:11:01.0578 4252        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:11:01.0625 4252        AmdK8 - ok
21:11:01.0625 4252        amsint - ok
21:11:01.0671 4252        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:11:01.0750 4252        Arp1394 - ok
21:11:01.0750 4252        asc - ok
21:11:01.0765 4252        asc3350p - ok
21:11:01.0765 4252        asc3550 - ok
21:11:01.0796 4252        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:11:01.0875 4252        AsyncMac - ok
21:11:01.0890 4252        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:11:01.0984 4252        atapi - ok
21:11:01.0984 4252        Atdisk - ok
21:11:02.0296 4252        ati2mtag        (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:11:02.0515 4252        ati2mtag - ok
21:11:02.0515 4252        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:11:02.0625 4252        Atmarpc - ok
21:11:02.0656 4252        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:11:02.0750 4252        audstub - ok
21:11:02.0796 4252        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:11:02.0937 4252        AVGIDSDriver - ok
21:11:02.0953 4252        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:11:02.0968 4252        AVGIDSEH - ok
21:11:02.0968 4252        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:11:02.0984 4252        AVGIDSFilter - ok
21:11:03.0015 4252        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:11:03.0015 4252        AVGIDSShim - ok
21:11:03.0046 4252        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:11:03.0062 4252        Avgldx86 - ok
21:11:03.0078 4252        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:11:03.0078 4252        Avgmfx86 - ok
21:11:03.0109 4252        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:11:03.0125 4252        Avgrkx86 - ok
21:11:03.0140 4252        Avgtdix        (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:11:03.0156 4252        Avgtdix - ok
21:11:03.0171 4252        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:11:03.0265 4252        Beep - ok
21:11:03.0296 4252        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:11:03.0375 4252        cbidf2k - ok
21:11:03.0390 4252        cd20xrnt - ok
21:11:03.0390 4252        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:11:03.0484 4252        Cdaudio - ok
21:11:03.0500 4252        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:11:03.0593 4252        Cdfs - ok
21:11:03.0625 4252        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:11:03.0703 4252        Cdrom - ok
21:11:03.0703 4252        Changer - ok
21:11:03.0718 4252        CmdIde - ok
21:11:03.0734 4252        Cpqarray - ok
21:11:03.0750 4252        dac2w2k - ok
21:11:03.0765 4252        dac960nt - ok
21:11:03.0781 4252        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:11:03.0875 4252        Disk - ok
21:11:03.0906 4252        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:11:04.0000 4252        dmboot - ok
21:11:04.0015 4252        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:11:04.0109 4252        dmio - ok
21:11:04.0125 4252        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:11:04.0203 4252        dmload - ok
21:11:04.0234 4252        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:11:04.0328 4252        DMusic - ok
21:11:04.0328 4252        dpti2o - ok
21:11:04.0343 4252        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:11:04.0421 4252        drmkaud - ok
21:11:04.0468 4252        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:11:04.0562 4252        Fastfat - ok
21:11:04.0578 4252        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:11:04.0656 4252        Fdc - ok
21:11:04.0671 4252        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:11:04.0750 4252        Fips - ok
21:11:04.0781 4252        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:11:04.0859 4252        Flpydisk - ok
21:11:04.0875 4252        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:11:04.0984 4252        FltMgr - ok
21:11:05.0000 4252        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:11:05.0093 4252        Fs_Rec - ok
21:11:05.0109 4252        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:11:05.0203 4252        Ftdisk - ok
21:11:05.0203 4252        gdrv - ok
21:11:05.0234 4252        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:11:05.0328 4252        Gpc - ok
21:11:05.0343 4252        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:11:05.0421 4252        HDAudBus - ok
21:11:05.0453 4252        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:11:05.0546 4252        hidusb - ok
21:11:05.0546 4252        hpn - ok
21:11:05.0578 4252        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:11:05.0609 4252        HTTP - ok
21:11:05.0625 4252        i2omgmt - ok
21:11:05.0625 4252        i2omp - ok
21:11:05.0640 4252        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:11:05.0734 4252        i8042prt - ok
21:11:05.0734 4252        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:11:05.0828 4252        Imapi - ok
21:11:05.0843 4252        ini910u - ok
21:11:05.0937 4252        IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:11:06.0125 4252        IntcAzAudAddService - ok
21:11:06.0125 4252        IntelIde - ok
21:11:06.0156 4252        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:11:06.0234 4252        Ip6Fw - ok
21:11:06.0250 4252        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:11:06.0343 4252        IpFilterDriver - ok
21:11:06.0343 4252        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:11:06.0421 4252        IpInIp - ok
21:11:06.0437 4252        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:11:06.0531 4252        IpNat - ok
21:11:06.0546 4252        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:11:06.0625 4252        IPSec - ok
21:11:06.0656 4252        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:11:06.0687 4252        IRENUM - ok
21:11:06.0703 4252        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:11:06.0781 4252        isapnp - ok
21:11:06.0796 4252        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:11:06.0890 4252        Kbdclass - ok
21:11:06.0921 4252        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:11:07.0000 4252        kbdhid - ok
21:11:07.0015 4252        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:11:07.0125 4252        kmixer - ok
21:11:07.0140 4252        KSecDD          (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
21:11:07.0171 4252        KSecDD - ok
21:11:07.0203 4252        LBeepKE        (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
21:11:07.0218 4252        LBeepKE - ok
21:11:07.0218 4252        lbrtfdc - ok
21:11:07.0234 4252        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:11:07.0250 4252        LHidFilt - ok
21:11:07.0281 4252        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:11:07.0281 4252        LMouFilt - ok
21:11:07.0296 4252        LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
21:11:07.0312 4252        LUsbFilt - ok
21:11:07.0343 4252        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:11:07.0359 4252        MBAMProtector - ok
21:11:07.0390 4252        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:11:07.0468 4252        mnmdd - ok
21:11:07.0484 4252        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:11:07.0593 4252        Modem - ok
21:11:07.0625 4252        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
21:11:07.0687 4252        Monfilt - ok
21:11:07.0703 4252        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:11:07.0796 4252        Mouclass - ok
21:11:07.0796 4252        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:11:07.0890 4252        mouhid - ok
21:11:07.0890 4252        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:11:07.0984 4252        MountMgr - ok
21:11:08.0000 4252        mraid35x - ok
21:11:08.0000 4252        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:11:08.0109 4252        MRxDAV - ok
21:11:08.0125 4252        MRxSmb          (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:11:08.0156 4252        MRxSmb - ok
21:11:08.0171 4252        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:11:08.0265 4252        Msfs - ok
21:11:08.0281 4252        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:11:08.0375 4252        MSKSSRV - ok
21:11:08.0375 4252        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:11:08.0468 4252        MSPCLOCK - ok
21:11:08.0468 4252        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:11:08.0546 4252        MSPQM - ok
21:11:08.0562 4252        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:11:08.0640 4252        mssmbios - ok
21:11:08.0671 4252        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:11:08.0703 4252        Mup - ok
21:11:08.0718 4252        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:11:08.0796 4252        NDIS - ok
21:11:08.0812 4252        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:11:08.0812 4252        NdisTapi - ok
21:11:08.0843 4252        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:11:08.0921 4252        Ndisuio - ok
21:11:08.0937 4252        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:11:09.0015 4252        NdisWan - ok
21:11:09.0046 4252        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:11:09.0046 4252        NDProxy - ok
21:11:09.0062 4252        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:11:09.0171 4252        NetBIOS - ok
21:11:09.0171 4252        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:11:09.0265 4252        NetBT - ok
21:11:09.0328 4252        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:11:09.0437 4252        NIC1394 - ok
21:11:09.0453 4252        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:11:09.0546 4252        Npfs - ok
21:11:09.0578 4252        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:11:09.0687 4252        Ntfs - ok
21:11:09.0734 4252        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:11:09.0828 4252        Null - ok
21:11:09.0828 4252        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:11:09.0921 4252        NwlnkFlt - ok
21:11:09.0937 4252        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:11:10.0031 4252        NwlnkFwd - ok
21:11:10.0046 4252        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:11:10.0140 4252        ohci1394 - ok
21:11:10.0171 4252        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
21:11:10.0265 4252        Parport - ok
21:11:10.0265 4252        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:11:10.0359 4252        PartMgr - ok
21:11:10.0359 4252        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:11:10.0437 4252        ParVdm - ok
21:11:10.0453 4252        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:11:10.0562 4252        PCI - ok
21:11:10.0562 4252        PCIDump - ok
21:11:10.0578 4252        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:11:10.0671 4252        PCIIde - ok
21:11:10.0687 4252        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:11:10.0796 4252        Pcmcia - ok
21:11:10.0796 4252        PDCOMP - ok
21:11:10.0812 4252        PDFRAME - ok
21:11:10.0812 4252        PDRELI - ok
21:11:10.0828 4252        PDRFRAME - ok
21:11:10.0843 4252        perc2 - ok
21:11:10.0843 4252        perc2hib - ok
21:11:10.0890 4252        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:11:10.0984 4252        PptpMiniport - ok
21:11:11.0000 4252        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
21:11:11.0109 4252        Processor - ok
21:11:11.0125 4252        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:11:11.0218 4252        PSched - ok
21:11:11.0234 4252        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:11:11.0312 4252        Ptilink - ok
21:11:11.0328 4252        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:11:11.0343 4252        PxHelp20 - ok
21:11:11.0343 4252        ql1080 - ok
21:11:11.0359 4252        Ql10wnt - ok
21:11:11.0359 4252        ql12160 - ok
21:11:11.0375 4252        ql1240 - ok
21:11:11.0375 4252        ql1280 - ok
21:11:11.0390 4252        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:11:11.0484 4252        RasAcd - ok
21:11:11.0484 4252        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:11:11.0562 4252        Rasl2tp - ok
21:11:11.0578 4252        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:11:11.0656 4252        RasPppoe - ok
21:11:11.0656 4252        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:11:11.0750 4252        Raspti - ok
21:11:11.0750 4252        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:11:11.0843 4252        Rdbss - ok
21:11:11.0859 4252        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:11:11.0937 4252        RDPCDD - ok
21:11:11.0953 4252        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:11:12.0046 4252        rdpdr - ok
21:11:12.0078 4252        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:11:12.0093 4252        RDPWD - ok
21:11:12.0109 4252        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:11:12.0187 4252        redbook - ok
21:11:12.0281 4252        RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) C:\WINDOWS\system32\drivers\RtKHDMI.sys
21:11:12.0375 4252        RTHDMIAzAudService - ok
21:11:12.0390 4252        RTLE8023xp      (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:11:12.0421 4252        RTLE8023xp - ok
21:11:12.0453 4252        SaiH0464        (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
21:11:12.0484 4252        SaiH0464 - ok
21:11:12.0500 4252        SaiMini - ok
21:11:12.0515 4252        SaiNtBus - ok
21:11:12.0546 4252        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:11:12.0578 4252        Secdrv - ok
21:11:12.0593 4252        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:11:12.0671 4252        serenum - ok
21:11:12.0687 4252        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
21:11:12.0765 4252        Serial - ok
21:11:12.0796 4252        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:11:12.0875 4252        Sfloppy - ok
21:11:12.0875 4252        Simbad - ok
21:11:12.0906 4252        snapman378      (793f65aac52e5eccb83e6d9de054c865) C:\WINDOWS\system32\DRIVERS\snman378.sys
21:11:12.0921 4252        snapman378 - ok
21:11:12.0921 4252        Sparrow - ok
21:11:12.0937 4252        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:11:13.0031 4252        splitter - ok
21:11:13.0046 4252        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:11:13.0093 4252        sr - ok
21:11:13.0109 4252        Srv            (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
21:11:13.0125 4252        Srv - ok
21:11:13.0156 4252        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:11:13.0234 4252        swenum - ok
21:11:13.0234 4252        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:11:13.0328 4252        swmidi - ok
21:11:13.0328 4252        symc810 - ok
21:11:13.0343 4252        symc8xx - ok
21:11:13.0343 4252        sym_hi - ok
21:11:13.0343 4252        sym_u3 - ok
21:11:13.0375 4252        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:11:13.0453 4252        sysaudio - ok
21:11:13.0468 4252        Tcpip          (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:11:13.0500 4252        Tcpip - ok
21:11:13.0531 4252        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:11:13.0609 4252        TDPIPE - ok
21:11:13.0640 4252        tdrpman124      (1c66bd6c1c2463514635cdd9443eb0e9) C:\WINDOWS\system32\DRIVERS\tdrpm124.sys
21:11:13.0687 4252        tdrpman124 - ok
21:11:13.0703 4252        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:11:13.0781 4252        TDTCP - ok
21:11:13.0796 4252        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:11:13.0875 4252        TermDD - ok
21:11:13.0890 4252        tifsfilter      (d28aaf9a30b4b1a43310dcbdb4fd13bf) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
21:11:13.0890 4252        tifsfilter - ok
21:11:13.0906 4252        timounter      (4362215c82a3abe14ebb409289136a8b) C:\WINDOWS\system32\DRIVERS\timntr.sys
21:11:13.0921 4252        timounter - ok
21:11:13.0921 4252        TosIde - ok
21:11:13.0953 4252        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:11:14.0031 4252        Udfs - ok
21:11:14.0046 4252        ultra - ok
21:11:14.0062 4252        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:11:14.0140 4252        Update - ok
21:11:14.0171 4252        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:11:14.0250 4252        usbaudio - ok
21:11:14.0265 4252        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:11:14.0359 4252        usbccgp - ok
21:11:14.0359 4252        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:11:14.0437 4252        usbehci - ok
21:11:14.0453 4252        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:11:14.0546 4252        usbhub - ok
21:11:14.0546 4252        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:11:14.0625 4252        usbohci - ok
21:11:14.0656 4252        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:11:14.0750 4252        USBSTOR - ok
21:11:14.0750 4252        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:11:14.0859 4252        VgaSave - ok
21:11:14.0859 4252        ViaIde - ok
21:11:14.0875 4252        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:11:14.0953 4252        VolSnap - ok
21:11:14.0984 4252        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:11:15.0046 4252        Wanarp - ok
21:11:15.0093 4252        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:11:15.0109 4252        Wdf01000 - ok
21:11:15.0109 4252        WDICA - ok
21:11:15.0125 4252        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:11:15.0203 4252        wdmaud - ok
21:11:15.0250 4252        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:11:15.0328 4252        WmiAcpi - ok
21:11:15.0375 4252        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:11:15.0406 4252        WpdUsb - ok
21:11:15.0421 4252        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:11:15.0453 4252        WudfPf - ok
21:11:15.0453 4252        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:11:15.0468 4252        WudfRd - ok
21:11:15.0484 4252        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:11:15.0640 4252        \Device\Harddisk0\DR0 - ok
21:11:15.0640 4252        Boot (0x1200)  (ddfa81ffb0b5f6df68589331c0170dc1) \Device\Harddisk0\DR0\Partition0
21:11:15.0640 4252        \Device\Harddisk0\DR0\Partition0 - ok
21:11:15.0671 4252        Boot (0x1200)  (cf4e7cbeb8e7a03a07e7300dafd9c0c3) \Device\Harddisk0\DR0\Partition1
21:11:15.0671 4252        \Device\Harddisk0\DR0\Partition1 - ok
21:11:15.0671 4252        ============================================================
21:11:15.0671 4252        Scan finished
21:11:15.0671 4252        ============================================================
21:11:15.0812 4192        Detected object count: 0
21:11:15.0812 4192        Actual detected object count: 0

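
A first-pass triage script for a TDSSKiller log in the format posted above, added here as an example (it is not code from the thread, from the board, or from Kaspersky): it pairs each scanned object with its verdict line, lists anything the tool did not mark "ok", and checks that the trailer's detected-object count agrees. The clean sample is assembled from lines in the post; the second sample with a non-ok verdict is constructed, and its verdict wording is made up.

```python
"""Triage of a TDSSKiller log: object/verdict pairing and count check."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every log line is "<time> <pid>  <text>"; the text is either a header,
# an object line "<name>  (<md5>) <path>", a verdict "<name or path> - ok",
# or one of the two trailer counts.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
OBJECT_RE = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
VERDICT_RE = re.compile(r"^(?P<subject>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class Triage:
    objects: Dict[str, ScanObject]
    detected: Optional[int] = None
    actual_detected: Optional[int] = None

    def needs_review(self) -> List[ScanObject]:
        # Anything not marked "ok" (including objects with no verdict at all,
        # as in a truncated log) is what the helper must look at before any
        # deletion decision is made.
        return [o for o in self.objects.values() if o.verdict != "ok"]

    def count_consistent(self) -> bool:
        # The trailer count must exist and match the number of non-ok objects;
        # otherwise the log was cut off or edited before posting.
        return self.detected is not None and self.detected == len(self.needs_review())


def parse_tdsskiller_log(text: str) -> Triage:
    # Drivers are keyed by file path (two partitions share the name
    # "Boot (0x1200)"); name-only services are keyed by name. Verdict lines
    # for drivers use the service name, those for MBR/boot sectors the path.
    objects: Dict[str, ScanObject] = {}
    by_name: Dict[str, str] = {}
    triage = Triage(objects)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group(3).strip()
        c = COUNT_RE.match(body)
        if c:
            if c.group(1):
                triage.actual_detected = int(c.group(2))
            else:
                triage.detected = int(c.group(2))
            continue
        o = OBJECT_RE.match(body)
        if o:
            obj = ScanObject(o["name"], o["md5"].lower(), o["path"])
            objects[obj.path] = obj
            by_name[obj.name] = obj.path
            continue
        v = VERDICT_RE.match(body)
        if v:
            subject, verdict = v["subject"], v["verdict"].strip()
            key = subject if subject in objects else by_name.get(subject, subject)
            objects.setdefault(key, ScanObject(subject)).verdict = verdict
    return triage


# Sample assembled from lines of the log posted above (clean result).
SAMPLE_LOG = r"""
21:10:59.0781 4252        Scan started
21:10:59.0781 4252        Mode: Manual; SigCheck; TDLFS;
21:11:00.0500 4252        Abiosdsk - ok
21:11:00.0578 4252        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:11:01.0093 4252        ACPI - ok
21:11:03.0171 4252        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:11:03.0265 4252        Beep - ok
21:11:15.0484 4252        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:11:15.0640 4252        \Device\Harddisk0\DR0 - ok
21:11:15.0640 4252        Boot (0x1200)  (ddfa81ffb0b5f6df68589331c0170dc1) \Device\Harddisk0\DR0\Partition0
21:11:15.0640 4252        \Device\Harddisk0\DR0\Partition0 - ok
21:11:15.0812 4192        Detected object count: 0
21:11:15.0812 4192        Actual detected object count: 0
"""

# Constructed variant with one object whose verdict is not "ok". The name,
# hash and verdict wording are invented; the parser only tests for "ok".
CONSTRUCTED_HIT_LOG = r"""
21:11:15.0400 4252        Suspect        (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\suspect.sys
21:11:15.0420 4252        Suspect - needs review
21:11:15.0484 4252        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:11:15.0640 4252        \Device\Harddisk0\DR0 - ok
21:11:15.0812 4192        Detected object count: 1
21:11:15.0812 4192        Actual detected object count: 1
"""

if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("constructed hit", CONSTRUCTED_HIT_LOG)):
        t = parse_tdsskiller_log(log)
        print(f"{label}: {len(t.objects)} objects, count consistent: {t.count_consistent()}")
        for obj in t.needs_review():
            print(f"  review: {obj.name} [{obj.verdict}] {obj.path or ''}")
```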

cosinus 08.12.2011 21:22

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). The file can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a board helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

issus 08.12.2011 22:09

Hello Arne,

ComboFix scan performed:
Code:

ComboFix 11-12-08.01 - Kunde 08.12.2011  21:52:22.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2814.1811 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Internet\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-08 bis 2011-12-08  ))))))))))))))))))))))))))))))
.
.
2011-12-08 17:14 . 2011-12-08 17:14        --------        d-----w-        C:\_OTL
2011-12-07 21:48 . 2011-12-08 06:58        --------        d-----w-        c:\dokumente und einstellungen\Testkonto
2011-12-06 19:52 . 2011-12-06 19:52        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-12-06 19:52 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-06 19:39 . 2011-12-06 19:39        --------        d-----w-        c:\programme\ESET
2011-12-06 17:35 . 2011-12-06 17:35        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ATI
2011-12-06 17:34 . 2011-12-06 17:34        --------        d-----w-        c:\programme\AMD APP
2011-12-06 17:33 . 2011-10-26 02:59        311296        ----a-w-        c:\windows\system32\atiiiexx.dll
2011-12-06 17:33 . 2011-10-26 02:06        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-12-06 17:32 . 2011-12-06 17:33        --------        d-----w-        c:\programme\ATI Technologies
2011-12-06 17:32 . 2011-12-06 17:32        --------        d-----w-        C:\ATI
2011-12-06 17:22 . 2011-12-06 17:22        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:19        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:21        --------        d-----w-        c:\dokumente und einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:21        --------        d-----w-        c:\programme\Google
2011-12-05 18:43 . 2011-12-05 18:43        --------        d-----w-        c:\programme\ATI
2011-12-05 18:03 . 2011-12-05 18:03        --------        d-----w-        c:\windows\system32\wbem\Repository
2011-12-05 17:20 . 2011-12-05 17:20        --------        d-----w-        c:\dokumente und einstellungen\Internet\Anwendungsdaten\Malwarebytes
2011-12-05 17:13 . 2011-12-05 17:13        --------        d-----w-        c:\dokumente und einstellungen\Kunde\Anwendungsdaten\Malwarebytes
2011-12-05 17:12 . 2011-12-05 17:12        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 10:14 . 2011-06-04 13:24        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 03:01 . 2009-06-03 21:00        7412736        ----a-w-        c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:30 . 2011-06-25 08:45        57344        ----a-w-        c:\windows\system32\aticalrt.dll
2011-10-26 02:30 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\aticalcl.dll
2011-10-26 02:27 . 2011-06-25 08:45        5890048        ----a-w-        c:\windows\system32\aticaldd.dll
2011-10-26 02:16 . 2011-06-25 08:45        18968576        ----a-w-        c:\windows\system32\atioglxx.dll
2011-10-26 02:04 . 2009-06-03 19:50        304128        ----a-w-        c:\windows\system32\ati2dvag.dll
2011-10-26 02:04 . 2009-06-03 19:18        4004864        ----a-w-        c:\windows\system32\ati3duag.dll
2011-10-26 01:58 . 2011-06-25 08:45        956160        ----a-w-        c:\windows\system32\ativvamv.dll
2011-10-26 01:44 . 2009-06-03 19:03        3286400        ----a-w-        c:\windows\system32\ativvaxx.dll
2011-10-26 01:44 . 2011-06-25 08:45        212992        ----a-w-        c:\windows\system32\atipdlxx.dll
2011-10-26 01:43 . 2011-06-25 08:45        155648        ----a-w-        c:\windows\system32\Oemdspif.dll
2011-10-26 01:43 . 2011-06-25 08:45        26112        ----a-w-        c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43 . 2011-06-25 08:45        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2011-10-26 01:43 . 2011-06-25 08:45        188416        ------w-        c:\windows\system32\ati2evxx.dll
2011-10-26 01:42 . 2011-06-25 08:45        643072        ----a-w-        c:\windows\system32\ati2evxx.exe
2011-10-26 01:40 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39 . 2011-06-25 08:45        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-10-26 01:35 . 2011-06-25 08:45        806912        ----a-w-        c:\windows\system32\atikvmag.dll
2011-10-26 01:34 . 2011-06-25 08:45        499712        ----a-w-        c:\windows\system32\atiok3x2.dll
2011-10-26 01:30 . 2011-06-25 08:45        229376        ------w-        c:\windows\system32\atiadlxx.dll
2011-10-26 01:30 . 2011-06-25 08:45        17408        ----a-w-        c:\windows\system32\atitvo32.dll
2011-10-26 01:25 . 2011-06-25 08:45        65024        ----a-w-        c:\windows\system32\atimpc32.dll
2011-10-26 01:25 . 2011-06-25 08:45        65024        ----a-w-        c:\windows\system32\amdpcom32.dll
2011-10-26 01:24 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24 . 2009-06-03 18:33        884736        ----a-w-        c:\windows\system32\ati2cqag.dll
2011-10-25 20:21 . 2011-10-25 20:21        56832        ----a-w-        c:\windows\system32\OpenVideo.dll
2011-10-25 20:21 . 2011-10-25 20:21        56832        ----a-w-        c:\windows\system32\OVDecoder.dll
2011-10-25 20:20 . 2011-10-25 20:20        13950464        ----a-w-        c:\windows\system32\amdocl.dll
2011-10-10 14:21 . 2009-10-02 18:33        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 05:52        604160        ----a-w-        c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 15:29        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-23 12:00        23040        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-08-23 12:00        220160        ----a-w-        c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 09:33        2495816        ----a-w-        c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"\\SLAVE\EPSON S22 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE" [2009-09-14 200704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-09-15 4353088]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-09-15 962456]
"ProfilerU"="c:\programme\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\programme\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2008-09-15 165144]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 98304]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\dokumente und einstellungen\Internet\Desktop\OTL.exe" [2011-12-07 584192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\Testkonto\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\
Logitech . Produktregistrierung.lnk.disabled [2009-11-1 967]
.
c:\dokumente und einstellungen\Internet\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"RTHDCPL"=RTHDCPL.EXE
"<NO NAME>"=
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\xampp\\apache\\bin\\httpd.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programme\\Civilization 4\\Civilization4.exe"=
"c:\\Programme\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Programme\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Programme\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Programme\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\PokerTH\\pokerth.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7234:TCP"= 7234:TCP:PokerTH
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]
R0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\drivers\snman378.sys [02.10.2009 16:31 134272]
R0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\drivers\tdrpm124.sys [02.10.2009 16:31 950848]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07.09.2010 03:49 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 BCUService;Browser Configuration Utility Service;c:\programme\DeviceVM\Browser Configuration Utility\BCUService.exe [02.10.2009 19:45 212232]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30.10.2009 15:23 10384]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.12.2011 20:52 366152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.08.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.08.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.08.2010 21:42 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.12.2011 20:52 22216]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02.10.2009 19:51 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [02.05.2011 16:30 1025352]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [01.05.2007 12:07 132232]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80359664
*Deregistered* - 80359664
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9CB959E8-144F-4860-9715-EA9E319418F3}: NameServer = 213.73.91.35,194.95.202.198
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\dokumente und einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-08 21:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\e-post@um-fritz.de]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000004
"TimeStamp"=hex:7e,b6,8e,70,5f,a0,ca,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE /profile Outlook"
"MessageExpiryDays"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1060284298-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\uli.fritz@t-online.de]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000003
"TimeStamp"=hex:ea,8a,e4,3c,7a,4f,cb,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE /profile Outlook"
"MessageExpiryDays"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2011-12-08  21:57:04
ComboFix-quarantined-files.txt  2011-12-08 20:57
.
Vor Suchlauf: 8 Verzeichnis(se), 230.386.352.128 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 230.454.505.472 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E86357970FB75FB912E7FB58960169CB


cosinus 09.12.2011 09:40

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without being instructed to

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.


issus 09.12.2011 20:08

Hello Arne,

the three steps done:

Gmer:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-09 19:28:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST31000528AS rev.CC35
Running: 8d2wyc5l.exe; Driver: C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xBA3E9738]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xBA3E97DC]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xBA3E9878]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xBA3E9914]

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                    section is writeable [0xB41C7000, 0x2BCD8C, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Osam
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:43:27 on 09.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager (Build 378)" (snapman378) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snman378.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 124)" (tdrpman124) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm124.sys
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"gdrv" (gdrv) - ? - C:\WINDOWS\gdrv.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgtdypog" (pgtdypog) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SaiH0464" (SaiH0464) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiH0464.sys
"SaiMini" (SaiMini) - ? - C:\WINDOWS\System32\DRIVERS\SaiMini.sys  (File not found)
"SaiNtBus" (SaiNtBus) - ? - C:\WINDOWS\System32\drivers\SaiBus.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpoweramp Music Converter" - ? -  (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\WINDOWS\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - ? - \bin\npjpi170.dll  (File not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe  (File found, but it contains no detailed information)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
{DD92DE22-ED91-4560-B788-DEE2B26612E6} "BHO Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\IEHelper.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Eigene Dateien\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\desktop.ini
"Logitech . Produktregistrierung.lnk.disabled" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk.disabled
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"\\SLAVE\EPSON S22 Series" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE /FU "C:\DOKUME~1\Kunde\LOKALE~1\Temp\E_S10.tmp" /EF "HKCU"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"ProfilerU" - "Saitek" - C:\Programme\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Programme\Saitek\SD6\Software\SaiMfd.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"TrueImageMonitor.exe" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - ? - C:\WINDOWS\system32\AdobePDF.dll  (File not found)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:
Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-09 19:45:43
-----------------------------
19:45:43.765    OS Version: Windows 5.1.2600 Service Pack 3
19:45:43.765    Number of processors: 2 586 0x4303
19:45:43.765    ComputerName: MAIN  UserName:
19:45:44.437    Initialize success
19:48:00.296    AVAST engine defs: 11120901
19:48:30.484    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:48:30.484    Disk 0 Vendor: ST31000528AS CC35 Size: 953869MB BusType: 3
19:48:32.546    Disk 0 MBR read successfully
19:48:32.546    Disk 0 MBR scan
19:48:32.562    Disk 0 Windows XP default MBR code
19:48:32.593    Disk 0 scanning sectors +1953520065
19:48:32.734    Disk 0 scanning C:\WINDOWS\system32\drivers
19:48:53.796    Service scanning
19:48:54.515    Modules scanning
19:49:21.843    Disk 0 trace - called modules:
19:49:21.890    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:49:21.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2c4ab8]
19:49:21.890    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a321510]
19:49:22.406    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a2cb940]
19:49:23.015    AVAST engine scan C:\WINDOWS
19:49:51.406    AVAST engine scan C:\WINDOWS\system32
19:52:10.046    AVAST engine scan C:\WINDOWS\system32\drivers
19:52:31.078    AVAST engine scan C:\Dokumente und Einstellungen\Kunde
19:54:43.781    AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:56:30.734    Scan finished successfully
19:56:57.375    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Internet\Desktop\MBR.dat"
19:56:57.375    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Internet\Desktop\aswMBR.txt"

So far, so good?

By the way, the boot manager works again, which you probably already guessed. It just does not recognise USB keyboard input yet.
Thanks for your help!

cosinus 10.12.2011 01:07

Looks ok. To double-check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Getting a second opinion afterwards from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


issus 10.12.2011 13:47

Hello Arne,

the three steps are done.
MBAM full scan:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.12.2011 11:04:15
mbam-log-2011-12-10 (11-04-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 395444
Laufzeit: 31 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{e4c233ae-6714-4744-9e50-dbe1a7bc66ef}\RP456\A0115932.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{e4c233ae-6714-4744-9e50-dbe1a7bc66ef}\RP456\A0115933.exe (Rogue.FakeHDD) -> No action taken.

SAS full scan
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/10/2011 at 11:50 AM

Application Version : 5.0.1136

Core Rules Database Version : 8038
Trace Rules Database Version: 5850

Scan type      : Complete Scan
Total Scan Time : 00:31:14

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 474
Memory threats detected  : 0
Registry items scanned    : 39230
Registry threats detected : 0
File items scanned        : 69747
File threats detected    : 2

Trojan.Agent/Gen-FakeAlert
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115932.EXE
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115933.EXE

ESET full scan: (the scan from 6.12. is listed there as well)
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23f9784fc526b4489db3de8d1f5c3bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-06 09:10:46
# local_time=2011-12-06 10:10:46 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 96 13067 66368682 0 0
# compatibility_mode=8192 67108863 100 0 4189 4189 0 0
# scanned=153857
# found=6
# cleaned=0
# scan_time=4908
C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15\6e1ca1cf-161b0e1f        a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\Internet\Lokale Einstellungen\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2568.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\gamers_irc405.exe        probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\GermanFunScript.zip        Win32/NetTool.NukeNabber.29 application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\UT\ts2_client_rc1.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\software\winamp5601_full_emusic-7plus_de-de.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23f9784fc526b4489db3de8d1f5c3bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-10 12:26:29
# local_time=2011-12-10 01:26:29 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 96 11889 66682485 0 0
# compatibility_mode=8192 67108863 100 0 317992 317992 0 0
# scanned=165562
# found=6
# cleaned=0
# scan_time=5248
C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115932.exe        a variant of Win32/Kryptik.WQS trojan (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115933.exe        a variant of Win32/Kryptik.WQS trojan (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\gamers_irc405.exe        probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\GermanFunScript.zip        Win32/NetTool.NukeNabber.29 application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\UT\ts2_client_rc1.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\software\winamp5601_full_emusic-7plus_de-de.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I


cosinus 12.12.2011 09:45

System Volume Information is where the files for restore points are stored.

Disable System Restore. In the course of the infection, malware files were saved into restore points as well; those are all unusable now, because rolling the system back with one of those restore points would most likely bring the infection back.
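As an added example (mine, not part of the thread and not code from Malwarebytes, SUPERAntiSpyware or ESET), a small triage script that applies that point to the scan output posted above: it pulls the file path out of each detection line in the three log formats, then separates hits that sit in a restore point (copies that are inert until that restore point is applied) from hits in Temp, Temporary Internet Files or the Java deployment cache (cleared by a temp cleanup) and from everything else, which needs a manual look. The sample lines are constructed from the paths in the logs above; the path regex assumes the path is followed by a tab, a run of spaces, " (" or the end of the line, so a path containing " (" (for example "Programme (x86)") would be cut short. The names triage, classify and SAMPLE_LOG are mine.

```python
"""Triage scan-log detections by where the flagged file lives.

Added example; not from the thread and not a Malwarebytes/SAS/ESET tool.
Hits under System Volume Information are copies inside restore points and
are best handled by disabling System Restore; hits in Temp/Java caches go
with a temp cleanup; anything else needs a human look.
"""
import re
from typing import Dict, List

# The path at the start of a detection line in the three formats posted in the thread:
#   MBAM: "<path> (<name>) -> No action taken."
#   SAS:  "<path>" alone on an indented line below the threat name
#   ESET: "<path><tab><name><tab><hash><tab>I"   (tabs may arrive as runs of spaces)
# The path ends at a tab, a run of two or more spaces, " (", or the end of the line.
# Limitation: a path containing " (" or "|" or ")" is cut short / skipped.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\t\n|)]*?)(?=\t|\s{2,}| \(|$)")

# ...\System Volume Information\_restore{GUID}\RPnnn\ : a System Restore copy
RESTORE_POINT_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]{36}\}\\rp\d+\\", re.I)
# Temp, IE cache and the Java deployment cache: cleared by a temp cleanup
CACHE_RE = re.compile(
    r"\\(temp|temporary internet files|sun\\java\\deployment\\cache)\\", re.I)


def classify(path: str) -> str:
    """Bucket a detected path: restore_point, temp_or_cache or other."""
    if RESTORE_POINT_RE.search(path):
        return "restore_point"
    if CACHE_RE.search(path):
        return "temp_or_cache"
    return "other"


def triage(log_text: str) -> Dict[str, List[str]]:
    """Extract detection paths from pasted scan logs and bucket them, deduplicated case-insensitively."""
    buckets: Dict[str, List[str]] = {"restore_point": [], "temp_or_cache": [], "other": []}
    seen = set()
    for line in log_text.splitlines():
        if line.lstrip().startswith("#"):      # ESET "# key=value" header lines
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(1).rstrip()
        key = path.lower()                      # NTFS is case-insensitive; MBAM and SAS differ in casing
        if key in seen:
            continue
        seen.add(key)
        buckets[classify(path)].append(path)
    return buckets


# Constructed sample: one MBAM block, one SAS block and one ESET block,
# using the paths reported in the thread's logs.
SAMPLE_LOG = r"""
c:\system volume information\_restore{e4c233ae-6714-4744-9e50-dbe1a7bc66ef}\RP456\A0115932.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{e4c233ae-6714-4744-9e50-dbe1a7bc66ef}\RP456\A0115933.exe (Rogue.FakeHDD) -> No action taken.
Trojan.Agent/Gen-FakeAlert
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115932.EXE
# found=6
C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15\6e1ca1cf-161b0e1f        a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\Internet\Lokale Einstellungen\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2568.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\gamers_irc405.exe        probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)        00000000000000000000000000000000        I
D:\software\winamp5601_full_emusic-7plus_de-de.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(f"[{bucket}] {len(paths)} hit(s)")
        for p in paths:
            print("   ", p)
```

Feed it the concatenated logs as pasted; the "other" bucket is the short list worth reading by hand (here the two installers on D:\, flagged for bundled adware rather than for an active infection).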

issus 12.12.2011 11:46

Hello Arne,

happy birthday! :party:

System restore points deleted.

cosinus 12.12.2011 13:31

Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\Shell - "" = AutoRun
O33 - MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe autoplay=true
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was written only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
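Added example, mine and not OTL code: an audit of the same AutoRun vectors the fix above removes. It evaluates a snapshot of the relevant registry state (the CD-ROM driver's AutoRun value, the per-volume AutoRun commands cached under HKCU\...\Explorer\MountPoints2, and, as an addition of mine not mentioned in the thread, the NoDriveTypeAutoRun policy, where 0xFF disables AutoRun for all drive types) and reports each vector still open. The constructed THREAD_STATE snapshot mirrors the entries in the OTL script; read_live_snapshot() reads the real keys and only works on Windows. AutorunSnapshot, evaluate, read_live_snapshot, THREAD_STATE and HARDENED are names I chose.

```python
"""Audit the AutoRun vectors an OTL O32/O33 fix removes.

Added example, not part of the thread and not OTL code. evaluate() is a
pure function over a registry snapshot so it runs offline; the snapshot
THREAD_STATE is constructed from the O32/O33 lines in the OTL script.
"""
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
# is a bitmask of drive types for which AutoRun is disabled; 0xFF covers all of them.
# (Documented Windows value; the thread itself does not touch this policy.)
ALL_DRIVE_TYPES = 0xFF


@dataclass
class AutorunSnapshot:
    cdrom_autorun: Optional[int]           # HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun (None = value absent)
    no_drive_type_autorun: Optional[int]   # Policies\Explorer\NoDriveTypeAutoRun (None = policy not set)
    mountpoints: Dict[str, str] = field(default_factory=dict)  # volume GUID -> cached Shell\AutoRun\command


def evaluate(snap: AutorunSnapshot) -> List[str]:
    """Return one finding per AutoRun vector still open; an empty list means hardened."""
    findings: List[str] = []
    if snap.cdrom_autorun is None or snap.cdrom_autorun != 0:
        findings.append(f"Cdrom\\AutoRun={snap.cdrom_autorun!r}: inserted CD/DVD media can launch "
                        "their autorun.inf; set the DWORD to 0")
    policy = snap.no_drive_type_autorun
    if policy is None or (policy & ALL_DRIVE_TYPES) != ALL_DRIVE_TYPES:
        findings.append(f"NoDriveTypeAutoRun={policy!r}: AutoRun not disabled for every drive type; set to 0xFF")
    for guid, cmd in sorted(snap.mountpoints.items()):
        findings.append(f"MountPoints2\\{guid} caches AutoRun command {cmd!r}; delete the key")
    return findings


def read_live_snapshot() -> AutorunSnapshot:
    """Read the real keys; Windows only (winreg), run as the user whose HKCU is of interest."""
    import winreg

    def dword(root, path, name):
        try:
            with winreg.OpenKey(root, path) as k:
                value, _ = winreg.QueryValueEx(k, name)
                return int(value)
        except OSError:
            return None

    mps: Dict[str, str] = {}
    base = r"Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, base) as mp:
            i = 0
            while True:
                try:
                    sub = winreg.EnumKey(mp, i)
                except OSError:          # no more subkeys
                    break
                i += 1
                try:
                    with winreg.OpenKey(mp, sub + r"\Shell\AutoRun\command") as c:
                        mps[sub] = str(winreg.QueryValueEx(c, "")[0])   # default value of the key
                except OSError:          # volume without a cached AutoRun command
                    pass
    except OSError:
        pass
    return AutorunSnapshot(
        cdrom_autorun=dword(winreg.HKEY_LOCAL_MACHINE,
                            r"SYSTEM\CurrentControlSet\Services\Cdrom", "AutoRun"),
        no_drive_type_autorun=dword(winreg.HKEY_LOCAL_MACHINE,
                                    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer",
                                    "NoDriveTypeAutoRun"),
        mountpoints=mps,
    )


# Constructed snapshot mirroring the O32/O33 entries in the OTL script above.
THREAD_STATE = AutorunSnapshot(
    cdrom_autorun=1,
    no_drive_type_autorun=None,
    mountpoints={
        "{4f261ea7-2056-11e1-975f-9b6463f8e70b}": "E:\\LaunchU3.exe -a",
        "{89bc54a4-205a-11e1-b675-806e6f6e6963}": "D:\\Setup.exe autoplay=true",
    },
)
# What the same host should look like after the fix plus the policy.
HARDENED = AutorunSnapshot(cdrom_autorun=0, no_drive_type_autorun=0xFF)

if __name__ == "__main__":
    snap = read_live_snapshot() if sys.platform == "win32" else THREAD_STATE
    for finding in evaluate(snap) or ["no open AutoRun vectors"]:
        print("-", finding)
```

The cached MountPoints2 commands are what lets a previously seen U3 stick or CD re-launch its payload on the next insert; deleting the keys only removes the cache, so the policy value is what keeps the vector closed afterwards.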

issus 12.12.2011 13:56

OTL log:
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
File D:\Setup.exe autoplay=true not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: INet
->Temp folder emptied: 184380 bytes
->Temporary Internet Files folder emptied: 706612 bytes
->FireFox cache emptied: 38045640 bytes
->Flash cache emptied: 470 bytes
 
User: Internet
->Temp folder emptied: 734775133 bytes
->Temporary Internet Files folder emptied: 110137 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37478387 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kunde
->Temp folder emptied: 53664745 bytes
->Temporary Internet Files folder emptied: 49549150 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9573521 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33062 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12088728 bytes
RecycleBin emptied: 58573168 bytes
 
Total Files Cleaned = 949,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12122011_134127

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 12.12.2011 14:12

Please now run this Kaspersky tool (TDSS-Killer) again (in normal mode!) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click "Run as administrator"!

issus 12.12.2011 14:26

TDSSKiller:
Code:

14:18:14.0421 2496        TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
14:18:14.0750 2496        ============================================================
14:18:14.0750 2496        Current date / time: 2011/12/12 14:18:14.0750
14:18:14.0750 2496        SystemInfo:
14:18:14.0750 2496       
14:18:14.0750 2496        OS Version: 5.1.2600 ServicePack: 3.0
14:18:14.0750 2496        Product type: Workstation
14:18:14.0750 2496        ComputerName: MAIN
14:18:14.0750 2496        UserName: Kunde
14:18:14.0750 2496        Windows directory: C:\WINDOWS
14:18:14.0750 2496        System windows directory: C:\WINDOWS
14:18:14.0750 2496        Processor architecture: Intel x86
14:18:14.0750 2496        Number of processors: 2
14:18:14.0750 2496        Page size: 0x1000
14:18:14.0750 2496        Boot type: Normal boot
14:18:14.0750 2496        ============================================================
14:18:15.0796 2496        Initialize success
14:18:33.0875 4980        ============================================================
14:18:33.0875 4980        Scan started
14:18:33.0875 4980        Mode: Manual; SigCheck; TDLFS;
14:18:33.0875 4980        ============================================================
14:18:34.0218 4980        Abiosdsk - ok
14:18:34.0218 4980        abp480n5 - ok
14:18:34.0265 4980        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:18:34.0796 4980        ACPI - ok
14:18:34.0812 4980        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:18:34.0890 4980        ACPIEC - ok
14:18:34.0906 4980        adpu160m - ok
14:18:34.0953 4980        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:18:35.0015 4980        aec - ok
14:18:35.0046 4980        AFD            (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
14:18:35.0078 4980        AFD - ok
14:18:35.0093 4980        Aha154x - ok
14:18:35.0093 4980        aic78u2 - ok
14:18:35.0109 4980        aic78xx - ok
14:18:35.0125 4980        AliIde - ok
14:18:35.0171 4980        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
14:18:35.0265 4980        Ambfilt - ok
14:18:35.0281 4980        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:18:35.0296 4980        AmdK8 - ok
14:18:35.0312 4980        amsint - ok
14:18:35.0359 4980        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:18:35.0421 4980        Arp1394 - ok
14:18:35.0437 4980        asc - ok
14:18:35.0437 4980        asc3350p - ok
14:18:35.0453 4980        asc3550 - ok
14:18:35.0484 4980        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:18:35.0562 4980        AsyncMac - ok
14:18:35.0578 4980        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:18:35.0656 4980        atapi - ok
14:18:35.0671 4980        Atdisk - ok
14:18:35.0796 4980        ati2mtag        (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:18:35.0968 4980        ati2mtag - ok
14:18:35.0984 4980        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:18:36.0062 4980        Atmarpc - ok
14:18:36.0093 4980        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:18:36.0171 4980        audstub - ok
14:18:36.0218 4980        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
14:18:36.0359 4980        AVGIDSDriver - ok
14:18:36.0375 4980        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
14:18:36.0375 4980        AVGIDSEH - ok
14:18:36.0390 4980        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
14:18:36.0406 4980        AVGIDSFilter - ok
14:18:36.0437 4980        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
14:18:36.0437 4980        AVGIDSShim - ok
14:18:36.0453 4980        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:18:36.0468 4980        Avgldx86 - ok
14:18:36.0468 4980        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:18:36.0484 4980        Avgmfx86 - ok
14:18:36.0500 4980        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:18:36.0515 4980        Avgrkx86 - ok
14:18:36.0546 4980        Avgtdix        (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:18:36.0546 4980        Avgtdix - ok
14:18:36.0593 4980        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:18:36.0656 4980        Beep - ok
14:18:36.0734 4980        catchme - ok
14:18:36.0765 4980        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:18:36.0859 4980        cbidf2k - ok
14:18:36.0875 4980        cd20xrnt - ok
14:18:36.0875 4980        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:18:36.0968 4980        Cdaudio - ok
14:18:36.0984 4980        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:18:37.0093 4980        Cdfs - ok
14:18:37.0109 4980        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:18:37.0187 4980        Cdrom - ok
14:18:37.0187 4980        Changer - ok
14:18:37.0218 4980        CmdIde - ok
14:18:37.0234 4980        Cpqarray - ok
14:18:37.0234 4980        dac2w2k - ok
14:18:37.0250 4980        dac960nt - ok
14:18:37.0265 4980        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:18:37.0343 4980        Disk - ok
14:18:37.0375 4980        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:18:37.0484 4980        dmboot - ok
14:18:37.0484 4980        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:18:37.0562 4980        dmio - ok
14:18:37.0578 4980        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:18:37.0656 4980        dmload - ok
14:18:37.0687 4980        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:18:37.0765 4980        DMusic - ok
14:18:37.0781 4980        dpti2o - ok
14:18:37.0781 4980        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:18:37.0875 4980        drmkaud - ok
14:18:37.0906 4980        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:18:37.0984 4980        Fastfat - ok
14:18:38.0000 4980        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:18:38.0093 4980        Fdc - ok
14:18:38.0093 4980        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:18:38.0187 4980        Fips - ok
14:18:38.0203 4980        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:18:38.0296 4980        Flpydisk - ok
14:18:38.0312 4980        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:18:38.0406 4980        FltMgr - ok
14:18:38.0421 4980        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:18:38.0500 4980        Fs_Rec - ok
14:18:38.0500 4980        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:18:38.0578 4980        Ftdisk - ok
14:18:38.0593 4980        gdrv - ok
14:18:38.0593 4980        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:18:38.0671 4980        Gpc - ok
14:18:38.0703 4980        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:18:38.0781 4980        HDAudBus - ok
14:18:38.0812 4980        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:18:38.0906 4980        hidusb - ok
14:18:38.0906 4980        hpn - ok
14:18:38.0937 4980        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:18:38.0984 4980        HTTP - ok
14:18:38.0984 4980        i2omgmt - ok
14:18:39.0000 4980        i2omp - ok
14:18:39.0015 4980        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:18:39.0093 4980        i8042prt - ok
14:18:39.0093 4980        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:18:39.0187 4980        Imapi - ok
14:18:39.0203 4980        ini910u - ok
14:18:39.0296 4980        IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:18:39.0421 4980        IntcAzAudAddService - ok
14:18:39.0453 4980        IntelIde - ok
14:18:39.0468 4980        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:18:39.0546 4980        Ip6Fw - ok
14:18:39.0578 4980        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:18:39.0656 4980        IpFilterDriver - ok
14:18:39.0671 4980        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:18:39.0750 4980        IpInIp - ok
14:18:39.0765 4980        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:18:39.0843 4980        IpNat - ok
14:18:39.0843 4980        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:18:39.0937 4980        IPSec - ok
14:18:39.0953 4980        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:18:40.0000 4980        IRENUM - ok
14:18:40.0015 4980        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:18:40.0093 4980        isapnp - ok
14:18:40.0109 4980        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:18:40.0218 4980        Kbdclass - ok
14:18:40.0234 4980        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:18:40.0312 4980        kbdhid - ok
14:18:40.0312 4980        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:18:40.0390 4980        kmixer - ok
14:18:40.0406 4980        KSecDD          (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
14:18:40.0437 4980        KSecDD - ok
14:18:40.0468 4980        LBeepKE        (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
14:18:40.0484 4980        LBeepKE - ok
14:18:40.0484 4980        lbrtfdc - ok
14:18:40.0500 4980        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
14:18:40.0500 4980        LHidFilt - ok
14:18:40.0515 4980        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
14:18:40.0531 4980        LMouFilt - ok
14:18:40.0546 4980        LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
14:18:40.0546 4980        LUsbFilt - ok
14:18:40.0578 4980        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:18:40.0578 4980        MBAMProtector - ok
14:18:40.0609 4980        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:18:40.0687 4980        mnmdd - ok
14:18:40.0703 4980        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:18:40.0781 4980        Modem - ok
14:18:40.0812 4980        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
14:18:40.0875 4980        Monfilt - ok
14:18:40.0875 4980        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:18:40.0953 4980        Mouclass - ok
14:18:40.0968 4980        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:18:41.0046 4980        mouhid - ok
14:18:41.0062 4980        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:18:41.0125 4980        MountMgr - ok
14:18:41.0140 4980        mraid35x - ok
14:18:41.0140 4980        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:18:41.0234 4980        MRxDAV - ok
14:18:41.0250 4980        MRxSmb          (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:18:41.0281 4980        MRxSmb - ok
14:18:41.0296 4980        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:18:41.0375 4980        Msfs - ok
14:18:41.0406 4980        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:18:41.0484 4980        MSKSSRV - ok
14:18:41.0484 4980        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:18:41.0578 4980        MSPCLOCK - ok
14:18:41.0578 4980        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:18:41.0656 4980        MSPQM - ok
14:18:41.0671 4980        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:18:41.0765 4980        mssmbios - ok
14:18:41.0765 4980        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:18:41.0796 4980        Mup - ok
14:18:41.0812 4980        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:18:41.0890 4980        NDIS - ok
14:18:41.0906 4980        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:18:41.0921 4980        NdisTapi - ok
14:18:41.0937 4980        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:18:42.0015 4980        Ndisuio - ok
14:18:42.0031 4980        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:18:42.0109 4980        NdisWan - ok
14:18:42.0125 4980        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:18:42.0140 4980        NDProxy - ok
14:18:42.0140 4980        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:18:42.0234 4980        NetBIOS - ok
14:18:42.0234 4980        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:18:42.0312 4980        NetBT - ok
14:18:42.0343 4980        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:18:42.0437 4980        NIC1394 - ok
14:18:42.0453 4980        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:18:42.0531 4980        Npfs - ok
14:18:42.0562 4980        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:18:42.0640 4980        Ntfs - ok
14:18:42.0671 4980        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:18:42.0750 4980        Null - ok
14:18:42.0765 4980        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:18:42.0843 4980        NwlnkFlt - ok
14:18:42.0843 4980        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:18:42.0921 4980        NwlnkFwd - ok
14:18:42.0937 4980        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:18:43.0015 4980        ohci1394 - ok
14:18:43.0031 4980        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:18:43.0109 4980        Parport - ok
14:18:43.0109 4980        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:18:43.0187 4980        PartMgr - ok
14:18:43.0203 4980        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:18:43.0281 4980        ParVdm - ok
14:18:43.0281 4980        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:18:43.0375 4980        PCI - ok
14:18:43.0390 4980        PCIDump - ok
14:18:43.0390 4980        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:18:43.0468 4980        PCIIde - ok
14:18:43.0484 4980        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:18:43.0562 4980        Pcmcia - ok
14:18:43.0578 4980        PDCOMP - ok
14:18:43.0578 4980        PDFRAME - ok
14:18:43.0593 4980        PDRELI - ok
14:18:43.0593 4980        PDRFRAME - ok
14:18:43.0609 4980        perc2 - ok
14:18:43.0609 4980        perc2hib - ok
14:18:43.0640 4980        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:18:43.0718 4980        PptpMiniport - ok
14:18:43.0734 4980        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
14:18:43.0812 4980        Processor - ok
14:18:43.0828 4980        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:18:43.0906 4980        PSched - ok
14:18:43.0921 4980        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:18:43.0984 4980        Ptilink - ok
14:18:44.0000 4980        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:18:44.0015 4980        PxHelp20 - ok
14:18:44.0015 4980        ql1080 - ok
14:18:44.0031 4980        Ql10wnt - ok
14:18:44.0031 4980        ql12160 - ok
14:18:44.0046 4980        ql1240 - ok
14:18:44.0046 4980        ql1280 - ok
14:18:44.0062 4980        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:18:44.0140 4980        RasAcd - ok
14:18:44.0156 4980        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:18:44.0234 4980        Rasl2tp - ok
14:18:44.0234 4980        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:18:44.0328 4980        RasPppoe - ok
14:18:44.0328 4980        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:18:44.0406 4980        Raspti - ok
14:18:44.0406 4980        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:18:44.0484 4980        Rdbss - ok
14:18:44.0500 4980        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:18:44.0578 4980        RDPCDD - ok
14:18:44.0609 4980        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:18:44.0671 4980        rdpdr - ok
14:18:44.0703 4980        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:18:44.0718 4980        RDPWD - ok
14:18:44.0750 4980        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:18:44.0828 4980        redbook - ok
14:18:44.0921 4980        RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) C:\WINDOWS\system32\drivers\RtKHDMI.sys
14:18:45.0015 4980        RTHDMIAzAudService - ok
14:18:45.0031 4980        RTLE8023xp      (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:18:45.0046 4980        RTLE8023xp - ok
14:18:45.0093 4980        SaiH0464        (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
14:18:45.0093 4980        SaiH0464 - ok
14:18:45.0109 4980        SaiMini - ok
14:18:45.0125 4980        SaiNtBus - ok
14:18:45.0187 4980        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
14:18:45.0203 4980        SASDIFSV - ok
14:18:45.0203 4980        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
14:18:45.0218 4980        SASKUTIL - ok
14:18:45.0250 4980        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:18:45.0281 4980        Secdrv - ok
14:18:45.0296 4980        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:18:45.0359 4980        serenum - ok
14:18:45.0375 4980        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:18:45.0468 4980        Serial - ok
14:18:45.0500 4980        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:18:45.0578 4980        Sfloppy - ok
14:18:45.0593 4980        Simbad - ok
14:18:45.0625 4980        snapman378      (793f65aac52e5eccb83e6d9de054c865) C:\WINDOWS\system32\DRIVERS\snman378.sys
14:18:45.0640 4980        snapman378 - ok
14:18:45.0640 4980        Sparrow - ok
14:18:45.0656 4980        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:18:45.0734 4980        splitter - ok
14:18:45.0750 4980        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:18:45.0781 4980        sr - ok
14:18:45.0812 4980        Srv            (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
14:18:45.0828 4980        Srv - ok
14:18:45.0859 4980        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
14:18:45.0875 4980        StarOpen ( UnsignedFile.Multi.Generic ) - warning
14:18:45.0875 4980        StarOpen - detected UnsignedFile.Multi.Generic (1)
14:18:45.0890 4980        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:18:45.0968 4980        swenum - ok
14:18:45.0984 4980        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:18:46.0062 4980        swmidi - ok
14:18:46.0078 4980        symc810 - ok
14:18:46.0078 4980        symc8xx - ok
14:18:46.0093 4980        sym_hi - ok
14:18:46.0093 4980        sym_u3 - ok
14:18:46.0125 4980        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:18:46.0187 4980        sysaudio - ok
14:18:46.0234 4980        Tcpip          (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:18:46.0265 4980        Tcpip - ok
14:18:46.0296 4980        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:18:46.0375 4980        TDPIPE - ok
14:18:46.0406 4980        tdrpman124      (1c66bd6c1c2463514635cdd9443eb0e9) C:\WINDOWS\system32\DRIVERS\tdrpm124.sys
14:18:46.0437 4980        tdrpman124 - ok
14:18:46.0453 4980        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:18:46.0531 4980        TDTCP - ok
14:18:46.0546 4980        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:18:46.0625 4980        TermDD - ok
14:18:46.0640 4980        tifsfilter      (d28aaf9a30b4b1a43310dcbdb4fd13bf) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
14:18:46.0640 4980        tifsfilter - ok
14:18:46.0656 4980        timounter      (4362215c82a3abe14ebb409289136a8b) C:\WINDOWS\system32\DRIVERS\timntr.sys
14:18:46.0687 4980        timounter - ok
14:18:46.0687 4980        TosIde - ok
14:18:46.0750 4980        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:18:46.0828 4980        Udfs - ok
14:18:46.0828 4980        ultra - ok
14:18:46.0843 4980        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:18:46.0921 4980        Update - ok
14:18:46.0968 4980        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:18:47.0062 4980        usbaudio - ok
14:18:47.0062 4980        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:18:47.0140 4980        usbccgp - ok
14:18:47.0140 4980        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:18:47.0218 4980        usbehci - ok
14:18:47.0218 4980        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:18:47.0296 4980        usbhub - ok
14:18:47.0312 4980        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:18:47.0390 4980        usbohci - ok
14:18:47.0421 4980        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:18:47.0500 4980        USBSTOR - ok
14:18:47.0515 4980        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:18:47.0593 4980        VgaSave - ok
14:18:47.0609 4980        ViaIde - ok
14:18:47.0609 4980        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:18:47.0687 4980        VolSnap - ok
14:18:47.0703 4980        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:18:47.0781 4980        Wanarp - ok
14:18:47.0812 4980        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:18:47.0828 4980        Wdf01000 - ok
14:18:47.0843 4980        WDICA - ok
14:18:47.0875 4980        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:18:47.0937 4980        wdmaud - ok
14:18:47.0968 4980        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:18:48.0046 4980        WmiAcpi - ok
14:18:48.0093 4980        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:18:48.0125 4980        WpdUsb - ok
14:18:48.0140 4980        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:18:48.0171 4980        WudfPf - ok
14:18:48.0171 4980        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:18:48.0187 4980        WudfRd - ok
14:18:48.0218 4980        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
14:18:48.0359 4980        \Device\Harddisk0\DR0 - ok
14:18:48.0375 4980        Boot (0x1200)  (ddfa81ffb0b5f6df68589331c0170dc1) \Device\Harddisk0\DR0\Partition0
14:18:48.0375 4980        \Device\Harddisk0\DR0\Partition0 - ok
14:18:48.0406 4980        Boot (0x1200)  (cf4e7cbeb8e7a03a07e7300dafd9c0c3) \Device\Harddisk0\DR0\Partition1
14:18:48.0406 4980        \Device\Harddisk0\DR0\Partition1 - ok
14:18:48.0406 4980        ============================================================
14:18:48.0406 4980        Scan finished
14:18:48.0406 4980        ============================================================
14:18:48.0531 4864        Detected object count: 1
14:18:48.0531 4864        Actual detected object count: 1
14:19:14.0546 4864        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:14.0546 4864        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:33.0921 2620        Deinitialize success


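An added example (not from this thread and not Kaspersky's code): a small Python triage parser for TDSSKiller logs like the one issus posted above. It pulls out every object that did not come back "- ok", the action the user chose for it, and the MBR/boot-sector hashes, so a helper can see at a glance what the tool flagged without reading 1,700 lines. The line formats are taken from the log above; the constructed sample repeats a few of its lines. The classification of `*.Multi.Generic` verdicts (UnsignedFile, LockedFile, HiddenFile, ForgedFile) as heuristic "could not verify" findings rather than malware signatures is my assumption about the tool's verdict naming, as is treating every other verdict as a signature hit.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format TDSSKiller 2.6.x writes; names and hashes
# are copied from the log posted above so the output can be compared to it.
SAMPLE_LOG = r"""
14:18:45.0812 4980        Srv            (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
14:18:45.0828 4980        Srv - ok
14:18:45.0859 4980        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
14:18:45.0875 4980        StarOpen ( UnsignedFile.Multi.Generic ) - warning
14:18:45.0875 4980        StarOpen - detected UnsignedFile.Multi.Generic (1)
14:18:46.0078 4980        symc810 - ok
14:18:48.0218 4980        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
14:18:48.0359 4980        \Device\Harddisk0\DR0 - ok
14:18:48.0375 4980        Boot (0x1200)  (ddfa81ffb0b5f6df68589331c0170dc1) \Device\Harddisk0\DR0\Partition0
14:18:48.0375 4980        \Device\Harddisk0\DR0\Partition0 - ok
14:18:48.0531 4864        Detected object count: 1
14:19:14.0546 4864        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "<time> <pid> <body>"; the body carries one of the shapes matched below.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*?)\s*$")
ENTRY_RE = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")   # name (md5) path
OK_RE = re.compile(r"^(.+?) - ok$")
VERDICT_RE = re.compile(r"^(.+?) \( (\S+) \) - (warning|skipped by user|User select action: (\w+))$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: str = ""
    path: str = ""
    action: str = "none"   # what the user chose (Skip/Cure/Delete), or "none"
    kind: str = ""         # "heuristic" or "signature", see classify()


def classify(verdict):
    """Assumption for this example: *.Multi.Generic verdicts (unsigned, locked,
    hidden or forged file) mean 'could not verify', not 'malware', and need a
    manual publisher/hash check; any other verdict is treated as a signature hit."""
    return "heuristic" if verdict.endswith(".Multi.Generic") else "signature"


def parse_tdss_log(text):
    """Return scanned files, non-ok findings with the chosen action, and the
    detected-object count the tool printed (None if the line is missing)."""
    files, findings, detected_count = [], {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group(3)
        if (c := COUNT_RE.match(body)):
            detected_count = int(c.group(1))
        elif (d := DETECTED_RE.match(body)):
            findings.setdefault(d.group(1), Finding(d.group(1), d.group(2))).verdict = d.group(2)
        elif (v := VERDICT_RE.match(body)):
            f = findings.setdefault(v.group(1), Finding(v.group(1), v.group(2)))
            if v.group(4):
                f.action = v.group(4)
        elif OK_RE.match(body):
            pass
        elif (e := ENTRY_RE.match(body)):
            files.append({"name": e.group(1), "md5": e.group(2), "path": e.group(3)})
    by_name = {e["name"]: e for e in files}
    for f in findings.values():
        f.kind = classify(f.verdict)
        if f.name in by_name:
            f.md5, f.path = by_name[f.name]["md5"], by_name[f.name]["path"]
    return {"files": files, "findings": list(findings.values()), "detected_count": detected_count}


def boot_sector_hashes(parsed):
    """MBR and boot-sector hashes keyed by device path. '- ok' only means no
    signature matched; compare these against a known-good machine of the same
    Windows version when a bootkit is suspected."""
    return {e["path"]: e["md5"] for e in parsed["files"] if e["path"].startswith("\\Device\\")}


def count_mismatch(parsed):
    """True if the tool's own count disagrees with the findings we parsed,
    i.e. a line format this parser does not know appeared in the log."""
    return parsed["detected_count"] is not None and parsed["detected_count"] != len(parsed["findings"])


if __name__ == "__main__":
    result = parse_tdss_log(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f.kind:9} {f.name:12} {f.verdict:28} action={f.action:5} {f.md5} {f.path}")
    for path, md5 in boot_sector_hashes(result).items():
        print(f"boot      {md5} {path}")
    print("count mismatch:", count_mismatch(result))
```

On the log above this yields exactly one finding, the unsigned StarOpen.sys driver that was skipped, which is the right outcome for a heuristic verdict: look up the file's MD5 and publisher before deciding anything, rather than letting the tool delete it.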
cosinus 12.12.2011 14:29

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If after running ComboFix you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board

