Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) > Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: Two rundll32.exe / computer slow (even though just reinstalled) / many ports open (https://www.trojaner-board.de/106045-zweimal-rundll32-exe-rechner-langsam-obwohl-gerade-neu-aufgesetzt-viele-ports-offen.html)

DocHolliday 09.12.2011 22:54

Two rundll32.exe / computer slow (even though just reinstalled) / many ports open

Good evening!

I had a Trojan and, while trying to get the system back on my own, I wrecked the installation.

My laptop has a recovery function, which I used to restore Windows Vista including drivers.

But now I have the vague feeling that the troublemaker is still there / back again!

The hard disk is churning a lot and the computer is very slow at times!
In Task Manager, rundll32.exe shows up twice, and sometimes explorer.exe does too.

Helios showed me that some branches in the registry are locked!
(Is that normal?)

Avast finds nothing!
I did a port scan and found that some high ports are open, among others 8008/8081/8091/8888 and 49152-49156, as well as 135 and 445!
The MS RootkitRevealer crashes right after starting!


Could you please take a look at my logs?


I hope I did everything right!

Regards

DH

cosinus 12.12.2011 11:54

Now, as a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from earlier Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


DocHolliday 13.12.2011 19:00

Evening!
First of all, many thanks for your reply!
The Malwarebytes and ESET logs are attached!
I also ran aswMBR from Avast, and it found something in the MBR! (I've attached that log too)


During the ESET scan I left the firewall enabled! Was that wrong?

Regards
DH

cosinus 13.12.2011 20:26

What gave you the idea of downloading all that stuff from Softonic? There's always some junk like toolbars or the pointless Softonic Downloader bundled in. Why don't you download the software from the vendor's site, or failing that from chip.de?


Quote:

c:\Users\admin2\AppData\Local\Temp\temp1_kkrieger-beta.zip\pno0001.exe
Please explain what exactly this is supposed to be.

DocHolliday 13.12.2011 21:22

Hi!
True, the Softonic thing was a crap idea!
kkrieger is a shareware first-person shooter (which, astonishingly, is only 96 KB)
(nothing illegal!)
->.theprodukkt
->Let's Show - .kkrieger [HD] - YouTube

Regards
DH

DocHolliday 13.12.2011 21:26

Good grief!
I had actually included two links, but somehow it didn't take them and turned them into plain text!
If you have questions about the program: just google kkrieger!

cosinus 14.12.2011 10:02

Quote:

OTL logfile created on: 09.12.2011 15:39:42 - Run 5
Why did you create a log with OTL five times over?
Besides, the fifth log wasn't a CustomScan.


CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
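
Added example (editor's code, not from the thread and not part of OTL): once the CustomScan above has produced a log, the first triage pass over its PRC/SRV/DRV and O4 lines is mechanical, so the script below does it for the patterns a log reader checks first: a service or driver whose binary lives under AppData, Temp or ProgramData, an empty company string "()", and a random-looking all-capitals service name. The line layout the regexes assume is taken from the OTL 3.2.x output posted in this thread, the sample entries are copied from that log (plus two benign autorun lines), and the flag rules and the looks_random() heuristic are my own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass

# Constructed sample input: entries copied from the OTL log in this thread
# so the script runs offline. Only the parsing and the rules below are new.
SAMPLE_LOG = r"""
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
SRV - [2011.12.09 22:16:10 | 000,379,776 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe -- (ENAXITTPPCKHEU)
SRV - [2011.12.07 07:58:20 | 000,367,488 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe -- (DDFPVSEE)
SRV - [2008.05.13 00:47:20 | 000,077,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
DRV - [2011.12.10 18:37:29 | 000,024,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2008.05.20 20:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
"""

# PRC/SRV/DRV lines: "<kind> - [meta] (company) [state] -- <path> -- (<name>)".
# The [state] block is absent on PRC lines and some DRV lines carry trailing
# text after the service name, so both parts are optional (assumed layout).
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<meta>[^\]]+)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\).*)?$"
)
# O4 autorun values: "O4 - <hive>..\Run: [<value name>] <path> (<company>)".
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# Locations a standard user can write to; a service or driver loading from
# here deserves a look regardless of what its company string says.
USER_WRITABLE_RE = re.compile(r"\\(?:appdata|temp|programdata)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str        # PRC, SRV, DRV or O4
    path: str
    company: str     # CompanyName from the PE version resource, "" if absent
    name: str = ""   # service/driver name or autorun value name
    state: str = ""  # e.g. "Kernel | On_Demand | Stopped", or the hive for O4


@dataclass
class Finding:
    entry: Entry
    reasons: list


def parse_line(line):
    """Return an Entry for a PRC/SRV/DRV/O4 line, or None for anything else."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], m["company"], m["name"] or "", m["state"] or "")
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m["path"], m["company"], m["name"], m["hive"])
    return None


def looks_random(name):
    # Heuristic (my assumption): long, letters-only, all-uppercase names like
    # the Temp services in this log; legitimate service names rarely look so.
    return len(name) >= 8 and name.isalpha() and name.isupper()


def triage(entry):
    """Reasons to review this entry, in a fixed order; empty means nothing odd."""
    reasons = []
    if entry.kind in ("SRV", "DRV", "O4") and USER_WRITABLE_RE.search(entry.path):
        reasons.append("binary lives in a user-writable location")
    if entry.kind in ("SRV", "DRV") and not entry.company:
        # OTL's "()" means the version resource has no CompanyName. That is
        # not a signature check, so this is "review", not "malicious".
        reasons.append("no CompanyName in version resource")
    if entry.kind in ("SRV", "DRV") and looks_random(entry.name):
        reasons.append("random-looking service name")
    return reasons


def triage_log(text):
    """Parse every line of an OTL log and return the entries worth a second look."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.entry.kind} {f.entry.name or f.entry.path}: {'; '.join(f.reasons)}")
```

Flags are leads, not verdicts: the empty company string puts the OEM's Samsung Update Plus service in the same list as the unknown rkhdrv40.sys, and the Temp services carry a Sysinternals company string that still has to be verified (Authenticode signature, hash against a known-good copy of the tool) before anything is removed.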


DocHolliday 14.12.2011 18:04

Evening!
OK, here comes the log file!
There seems to be something in the Temp directory (ADS)

Regards

DH

cosinus 14.12.2011 22:02

Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

DocHolliday 14.12.2011 22:35

OK! Here it is:

OTL Logfile:
Code:

OTL logfile created on: 14.12.2011 17:39:45 - Run 7
OTL by OldTimer - Version 3.2.31.0    Folder = D:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,42% Memory free
6,80 Gb Paging File | 6,13 Gb Available in Paging File | 90,06% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 75,86 Gb Free Space | 52,66% Space Free | Partition Type: NTFS
Drive D: | 144,05 Gb Total Space | 53,78 Gb Free Space | 37,33% Space Free | Partition Type: NTFS
Drive E: | 6,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LAPPI-10TACLE | User Name: 10tacle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.11.27 15:05:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\OTL(1).exe
PRC - [2011.11.23 14:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.23 06:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.23 05:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 09:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.05.13 00:47:20 | 000,077,480 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
PRC - [2008.04.25 13:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 07:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 03:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.04 23:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.07.04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.09 22:16:10 | 000,379,776 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe -- (ENAXITTPPCKHEU)
SRV - [2011.12.07 07:58:20 | 000,367,488 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe -- (DDFPVSEE)
SRV - [2011.12.07 07:49:08 | 000,420,736 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe -- (WABGQEVHZOI)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.11.23 14:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.05.23 06:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 05:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.13 00:47:20 | 000,077,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 18:37:29 | 000,024,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.23 14:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008.09.12 05:01:15 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.08.05 19:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.26 20:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.20 20:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.05.08 10:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.09.13 07:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.01.31 14:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007.01.18 13:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006.11.28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 22:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2469530880-1206956978-1671307283-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-2469530880-1206956978-1671307283-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-2469530880-1206956978-1671307283-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.03 16:53:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Utilities\components [2011.11.22 17:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Utilities\plugins
 
[2011.11.22 16:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\10tacle\AppData\Roaming\mozilla\Extensions
[2011.12.07 14:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\10tacle\AppData\Roaming\mozilla\Firefox\Profiles\4hv8ckb0.default\extensions
[2011.11.23 17:04:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\10tacle\AppData\Roaming\mozilla\Firefox\Profiles\4hv8ckb0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.07 14:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\10tacle\AppData\Roaming\mozilla\Firefox\Profiles\4hv8ckb0.default\extensions\staged
[2011.12.03 16:53:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\10TACLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HV8CKB0.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\10TACLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4HV8CKB0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\dcsws2.dll (Diamond Computer Systems Pty. Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\dcsws2.dll (Diamond Computer Systems Pty. Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\dcsws2.dll (Diamond Computer Systems Pty. Ltd.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.30 02:12:54 | 000,000,055 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e4540378-147d-11e1-837b-001377b0a5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{e4540378-147d-11e1-837b-001377b0a5dc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta
O33 - MountPoints2\{ef33160c-a0dc-11df-9858-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef33160c-a0dc-11df-9858-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FrameworkCheck.exe -- [2007.10.30 01:59:50 | 000,052,880 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk.disabled -  - File not found
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.12 18:53:25 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Malwarebytes
[2011.12.12 18:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.12 18:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.12 18:53:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.12 18:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.11 11:52:30 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Documents\My Games
[2011.12.11 11:51:54 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\InstallShield Installation Information
[2011.12.11 11:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament 3 (LG)
[2011.12.11 11:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unreal Tournament 3 (LG)
[2011.12.11 11:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
[2011.12.11 11:35:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2011.12.11 11:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2011.12.10 19:29:44 | 000,019,248 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\System32\drivers\rspsc32.sys
[2011.12.10 19:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RootKit Hook Analyzer
[2011.12.10 19:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\RootKit Hook Analyzer
[2011.12.10 18:39:31 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgArCln.sys
[2011.12.10 18:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Anti-Rootkit Free
[2011.12.10 18:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011.12.10 18:36:41 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
[2011.12.10 18:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
[2011.12.10 18:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\RkUnhooker
[2011.12.08 19:21:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\10tacle\Desktop\OTL(1).exe
[2011.12.08 19:21:41 | 002,676,504 | ---- | C] (ESET) -- C:\Users\10tacle\Desktop\SysInspector1026(1).exe
[2011.12.07 21:05:27 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Canneverbe Limited
[2011.12.07 21:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.12.07 14:16:12 | 000,421,888 | ---- | C] (MIEL e-Security Pvt. Ltd.) -- C:\Users\10tacle\Desktop\Helios Lite.exe
[2011.12.07 07:49:01 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\10tacle\Desktop\RootkitRevealer.exe
[2011.12.05 16:01:44 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\WinRAR
[2011.12.05 16:01:43 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.05 16:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.05 16:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.12.04 01:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011.12.04 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\Paint.NET
[2011.12.04 00:56:18 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft Corporation
[2011.12.03 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\X-NetStat
[2011.12.03 20:12:55 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X-NetStat Professional
[2011.12.03 20:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-NetStat Professional
[2011.12.03 20:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\X-NetStat Professional
[2011.12.03 17:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sygate
[2011.12.03 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011.12.03 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\Google
[2011.12.03 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.12.03 16:45:24 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.12.03 16:45:24 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.12.03 16:45:24 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.12.03 16:45:24 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.12.03 16:45:24 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.12.03 16:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.12.03 16:45:23 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.12.03 16:44:16 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.12.03 16:44:16 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.12.03 16:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.12.03 16:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.12.03 15:34:52 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011.12.03 15:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011.12.03 15:25:29 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\lang
[2011.12.03 14:55:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.12.03 14:12:51 | 000,040,960 | ---- | C] (Diamond Computer Systems Pty. Ltd.) -- C:\Windows\System32\dcsws2.dll
[2011.12.03 14:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Port Explorer
[2011.12.03 14:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Port Explorer
[2011.12.03 13:33:00 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Documents\Anti-Malware
[2011.12.02 08:44:17 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\Kopie (4) von Kopie von leereswinproj - Kopie - Kopie - Kopie - Kopie
[2011.12.01 23:39:06 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\Kopie (2) von Kopie von leereswinproj - Kopie - Kopie - Kopie - Kopie
[2011.12.01 19:55:59 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011.12.01 18:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011.12.01 18:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011.12.01 17:47:32 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\TrackWinstall
[2011.12.01 17:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Takatis - A Tribute To Manfred Trenz
[2011.12.01 17:40:58 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Takatis - A Tribute To Manfred Trenz
[2011.12.01 17:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Takatis - A Tribute To Manfred Trenz
[2011.12.01 16:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poke53280
[2011.12.01 16:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID Security Suite
[2011.12.01 16:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\ID Security Suite
[2011.11.30 23:37:53 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\Kopie (3) von Kopie von leereswinproj - Kopie - Kopie - Kopie - Kopie - Kopie
[2011.11.30 21:07:23 | 000,000,000 | R--D | C] -- C:\Users\10tacle\Desktop\Downloads
[2011.11.30 21:05:48 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\Kopie (3) von Kopie von leereswinproj - Kopie - Kopie - Kopie - Kopie
[2011.11.29 18:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2011.11.28 23:17:55 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\PRT Demo
[2011.11.28 21:44:36 | 000,000,000 | R--D | C] -- C:\Users\10tacle\Desktop\Neuer Ordner
[2011.11.28 20:29:47 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\Apps
[2011.11.28 17:19:52 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\obacht!!!
[2011.11.27 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\dvdcss
[2011.11.26 20:24:44 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\MAXON
[2011.11.26 20:06:27 | 000,000,000 | ---D | C] -- C:\c4d
[2011.11.24 17:35:03 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\Comodo
[2011.11.23 20:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Requiem
[2011.11.23 20:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Gravity
[2011.11.23 20:01:00 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011.11.23 17:51:43 | 000,000,000 | ---D | C] -- C:\574a2e6a41ff2f6b493a5270bd31b0e8
[2011.11.23 17:16:21 | 000,000,000 | ---D | C] -- C:\Users\10tacle\dwhelper
[2011.11.23 17:16:02 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Macromedia
[2011.11.22 20:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (June 2010)
[2011.11.22 20:22:22 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\Microsoft Help
[2011.11.22 20:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft DirectX SDK (June 2010)
[2011.11.22 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011.11.22 20:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011.11.22 20:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011.11.22 20:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011.11.22 19:57:23 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\Mozilla
[2011.11.22 19:55:22 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Hansenet
[2011.11.22 19:55:19 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice Software
[2011.11.22 19:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Alice Software
[2011.11.22 19:35:58 | 000,015,571 | ---- | C] (ProDyne) -- C:\Windows\System32\drivers\pddsladp.sys
[2011.11.22 19:35:58 | 000,015,187 | ---- | C] (ProDyne) -- C:\Windows\System32\drivers\pddslhnd.sys
[2011.11.22 19:18:26 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\vlc
[2011.11.22 17:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.22 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Mozilla
[2011.11.22 16:34:28 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice
[2011.11.22 16:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alice
[2011.11.22 16:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Alice
[2011.11.22 16:24:55 | 060,014,440 | ---- | C] (moka5, Inc.) -- C:\Users\10tacle\Documents\MokaFive-Win-Player-Installer.exe
[2011.11.22 16:22:37 | 021,318,888 | ---- | C] (PortableApps.com) -- C:\Users\10tacle\Documents\VLCPortable_1.0.2.paf.exe
[2011.11.22 16:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.11.22 16:21:35 | 007,802,960 | ---- | C] (PC Tools                                                    ) -- C:\Users\10tacle\Documents\tfinstall.exe
[2011.11.22 16:19:07 | 009,117,456 | ---- | C] (PortableApps.com) -- C:\Users\10tacle\Documents\FirefoxPortable_3.5.3_German.paf.exe
[2011.11.22 16:14:28 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.22 15:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared HiJackFree
[2011.11.22 15:34:38 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Snapshot Disk Imaging
[2011.11.22 15:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapshot Disk Imaging
[2011.11.22 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LauschAngriff
[2011.11.21 23:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011.11.21 23:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.11.21 23:20:40 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Documents\Visual Studio 2010
[2011.11.21 23:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011.11.21 23:19:03 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011.11.21 23:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011.11.21 23:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011.11.21 23:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011.11.21 23:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2011.11.21 23:10:03 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\VBExpress
[2011.11.21 23:08:57 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\VCExpress
[2011.11.21 23:07:12 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Safer Networking
[2011.11.21 22:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011.11.21 22:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Utilities
[2011.11.21 22:37:42 | 000,052,476 | ---- | C] (PortableApps.com (John T. Haller)) -- C:\Users\10tacle\Desktop\StartPortableApps.exe
[2011.11.21 22:35:41 | 000,000,000 | R--D | C] -- C:\Users\10tacle\Desktop\PortableApps
[2011.11.21 22:35:41 | 000,000,000 | R--D | C] -- C:\Users\10tacle\Desktop\Documents
[2011.11.21 22:30:49 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\AnVir
[2011.11.21 00:19:07 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\etoolz
[2011.11.21 00:17:57 | 000,472,064 | ---- | C] ( ) -- C:\Users\10tacle\Desktop\RootRepeal.exe
[2011.11.20 23:38:31 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XeroBank
[2011.11.20 01:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011.11.20 01:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\secur
[2011.11.19 20:47:25 | 020,369,721 | ---- | C] (PortableApps.com) -- C:\Users\10tacle\Desktop\wiresharkportable-1.6.1.paf.exe
[2011.11.19 20:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011.11.19 20:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sec
[2011.11.19 18:22:22 | 000,000,000 | ---D | C] -- C:\Users\10tacle\Desktop\Kopie (3) von Kopie von leereswinproj - Kopie - Kopie - Kopie
[2011.11.19 18:22:08 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Roaming\Adobe
[2011.11.19 18:22:08 | 000,000,000 | ---D | C] -- C:\Users\10tacle\AppData\Local\Adobe
[2011.11.19 18:05:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.14 17:41:38 | 000,739,974 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.14 17:41:38 | 000,688,510 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.14 17:41:38 | 000,173,162 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.14 17:41:38 | 000,140,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.14 17:38:11 | 000,078,749 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.14 17:37:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 17:37:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 17:37:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.14 17:37:10 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.14 17:35:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.14 17:12:05 | 000,078,749 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.14 00:26:11 | 000,012,568 | ---- | M] () -- C:\Users\10tacle\Desktop\tghthdtfzhdrtzgh.odt
[2011.12.12 18:53:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 11:51:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Unreal Tournament 3.lnk
[2011.12.10 18:39:31 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011.12.10 18:37:29 | 000,024,320 | ---- | M] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2011.12.09 22:31:54 | 000,306,656 | ---- | M] () -- C:\Users\10tacle\Desktop\logs.zip
[2011.12.09 16:12:44 | 000,272,512 | ---- | M] () -- C:\Users\10tacle\Desktop\SysInspector-LAPPI-10TACLE-111209-1607xxx.zip
[2011.12.08 23:53:05 | 000,000,595 | ---- | M] () -- C:\Users\10tacle\Desktop\ScanResult.xml
[2011.12.08 20:08:47 | 000,275,218 | ---- | M] () -- C:\Users\10tacle\Desktop\SysInspector-LAPPI-10TACLE-111208-1955.zip
[2011.12.08 19:28:22 | 000,000,000 | ---- | M] () -- C:\Users\10tacle\defogger_reenable
[2011.12.08 00:32:35 | 288,864,654 | ---- | M] () -- C:\Windows\System32\T
[2011.12.07 23:12:24 | 000,050,477 | ---- | M] () -- C:\Users\10tacle\Desktop\Defogger(1).exe
[2011.12.07 20:58:37 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.12.05 16:03:06 | 000,001,790 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.12.04 14:34:16 | 000,000,679 | ---- | M] () -- C:\Users\10tacle\Desktop\Alice-Einwahl.lnk
[2011.12.04 14:22:30 | 000,000,206 | ---- | M] () -- C:\Users\10tacle\Desktop\Sicherheitscenter - Verknüpfung.lnk
[2011.12.04 13:33:50 | 000,445,469 | ---- | M] () -- C:\Users\10tacle\Desktop\Helios-Lite.zip
[2011.12.04 13:03:21 | 000,248,916 | ---- | M] () -- C:\Users\10tacle\AppData\Local\census.cache
[2011.12.04 13:03:17 | 000,183,124 | ---- | M] () -- C:\Users\10tacle\AppData\Local\ars.cache
[2011.12.04 12:54:49 | 000,000,036 | ---- | M] () -- C:\Users\10tacle\AppData\Local\housecall.guid.cache
[2011.12.04 01:56:12 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job.bak
[2011.12.04 01:09:53 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011.12.03 23:56:46 | 000,000,447 | -H-- | M] () -- C:\Users\10tacle\AppData\Roaming\vispa.ini
[2011.12.03 22:33:55 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job.bak
[2011.12.03 21:33:05 | 000,000,680 | ---- | M] () -- C:\Users\10tacle\AppData\Local\d3d9caps.dat
[2011.12.03 21:18:08 | 001,309,375 | ---- | M] () -- C:\Users\10tacle\Desktop\tdsskiller_2.5.5.0[1].zip
[2011.12.03 21:14:55 | 001,309,375 | ---- | M] () -- C:\Users\10tacle\Desktop\tdsskiller_2.5.5.0.zip
[2011.12.03 20:12:55 | 000,000,878 | ---- | M] () -- C:\Users\10tacle\Desktop\X-NetStat Professional.lnk
[2011.12.03 16:53:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.12.03 16:45:24 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.12.03 15:43:23 | 000,000,664 | ---- | M] () -- C:\Users\10tacle\Download - Verknüpfung.lnk
[2011.12.03 15:34:52 | 000,001,388 | ---- | M] () -- C:\Users\10tacle\Desktop\QuickStores.lnk
[2011.12.03 15:33:26 | 000,110,420 | ---- | M] () -- C:\Users\10tacle\Desktop\cc_20111203_153321.reg
[2011.12.03 15:24:27 | 002,663,232 | ---- | M] (Piriform Ltd) -- C:\Users\10tacle\Desktop\CCleaner.exe
[2011.12.03 14:15:22 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.12.03 14:12:51 | 000,000,859 | ---- | M] () -- C:\Users\10tacle\Desktop\Port Explorer.lnk
[2011.12.02 08:39:25 | 000,001,109 | ---- | M] () -- C:\Users\10tacle\Desktop\cports.cfg
[2011.12.01 20:54:51 | 000,004,608 | ---- | M] () -- C:\Users\10tacle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.01 18:27:13 | 000,000,906 | ---- | M] () -- C:\Users\10tacle\Desktop\Sandboxed Web Browser.lnk
[2011.12.01 16:18:53 | 000,000,976 | ---- | M] () -- C:\Users\10tacle\Desktop\ID Install Watch.lnk
[2011.11.30 21:11:19 | 000,000,559 | ---- | M] () -- C:\Users\10tacle\Desktop\SvchostAnalyzer.exe - Verknüpfung.lnk
[2011.11.30 21:07:32 | 000,000,664 | ---- | M] () -- C:\Users\10tacle\Desktop\Download - Verknüpfung.lnk
[2011.11.30 20:56:23 | 000,000,165 | ---- | M] () -- C:\Users\10tacle\Documents\Dokument.rtf
[2011.11.28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.11.28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.11.27 15:06:22 | 002,676,504 | ---- | M] (ESET) -- C:\Users\10tacle\Desktop\SysInspector1026(1).exe
[2011.11.27 15:05:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\10tacle\Desktop\OTL(1).exe
[2011.11.24 23:44:15 | 000,000,254 | ---- | M] () -- C:\Users\10tacle\Desktop\Dokjjjument.rtf
[2011.11.24 06:22:04 | 000,368,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.23 21:27:15 | 000,000,423 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011.11.23 20:33:33 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Requiem.lnk
[2011.11.22 19:58:54 | 000,515,109 | ---- | M] () -- C:\Users\10tacle\Desktop\noscript-2.2.xpi
[2011.11.22 19:35:48 | 000,000,111 | ---- | M] () -- C:\Windows\telephon.ini
[2011.11.22 19:34:31 | 000,000,847 | ---- | M] () -- C:\Users\10tacle\Desktop\sendings.rtf
[2011.11.22 19:18:22 | 000,000,974 | ---- | M] () -- C:\Users\10tacle\Desktop\VLCPortable.exe - Verknüpfung.lnk
[2011.11.22 17:32:29 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.22 16:58:34 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.22 15:55:51 | 000,219,222 | ---- | M] () -- C:\Users\10tacle\Desktop\c_windiag___.dib
[2011.11.22 15:41:00 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\a-squared HiJackFree.lnk
[2011.11.22 15:31:37 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\LauschAngriff.lnk
[2011.11.22 15:31:35 | 000,000,020 | ---- | M] () -- C:\Windows\LauschAngriff.ini
[2011.11.21 22:48:11 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011.11.21 22:12:49 | 000,000,510 | ---- | M] () -- C:\Users\10tacle\Desktop\Programme - Verknüpfung.lnk
[2011.11.21 00:41:25 | 000,000,015 | ---- | M] () -- C:\Users\10tacle\Desktop\settings.dat
[2011.11.20 23:38:31 | 000,000,895 | ---- | M] () -- C:\Users\10tacle\Desktop\xB Browser.lnk
[2011.11.20 01:02:06 | 000,001,891 | ---- | M] () -- C:\Users\10tacle\Desktop\Sophos Anti-Rootkit.lnk
[2011.11.19 21:34:20 | 000,000,000 | ---- | M] () -- C:\Users\10tacle\Desktop\gmer.reg
[2011.11.19 21:34:11 | 000,000,000 | ---- | M] () -- C:\Users\10tacle\Desktop\gmer.bat
[2011.11.19 21:34:06 | 000,026,384 | ---- | M] () -- C:\Users\10tacle\Documents\gmer_autostart.rtf
[2011.11.19 19:17:46 | 000,000,293 | ---- | M] () -- C:\Users\10tacle\Desktop\Lokaler Datenträger (C) - Verknüpfung.lnk
[2011.11.19 19:17:39 | 000,000,280 | ---- | M] () -- C:\Users\10tacle\Desktop\Files (D) - Verknüpfung.lnk
[2011.11.19 19:17:32 | 000,000,199 | ---- | M] () -- C:\Users\10tacle\Desktop\CD-Laufwerk - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.14 00:26:11 | 000,012,568 | ---- | C] () -- C:\Users\10tacle\Desktop\tghthdtfzhdrtzgh.odt
[2011.12.12 18:53:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 11:51:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Unreal Tournament 3.lnk
[2011.12.10 18:39:31 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011.12.10 18:37:29 | 000,024,320 | ---- | C] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2011.12.09 22:31:53 | 000,306,656 | ---- | C] () -- C:\Users\10tacle\Desktop\logs.zip
[2011.12.09 16:12:43 | 000,272,512 | ---- | C] () -- C:\Users\10tacle\Desktop\SysInspector-LAPPI-10TACLE-111209-1607xxx.zip
[2011.12.08 23:53:04 | 000,000,595 | ---- | C] () -- C:\Users\10tacle\Desktop\ScanResult.xml
[2011.12.08 20:08:46 | 000,275,218 | ---- | C] () -- C:\Users\10tacle\Desktop\SysInspector-LAPPI-10TACLE-111208-1955.zip
[2011.12.08 19:28:22 | 000,000,000 | ---- | C] () -- C:\Users\10tacle\defogger_reenable
[2011.12.08 19:25:31 | 000,286,208 | ---- | C] () -- C:\Users\10tacle\Desktop\gmer.exe
[2011.12.08 19:21:16 | 000,050,477 | ---- | C] () -- C:\Users\10tacle\Desktop\Defogger(1).exe
[2011.12.08 00:23:46 | 288,864,654 | ---- | C] () -- C:\Windows\System32\T
[2011.12.07 20:58:37 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.12.07 20:58:37 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.12.04 14:22:30 | 000,000,206 | ---- | C] () -- C:\Users\10tacle\Desktop\Sicherheitscenter - Verknüpfung.lnk
[2011.12.04 13:33:49 | 000,445,469 | ---- | C] () -- C:\Users\10tacle\Desktop\Helios-Lite.zip
[2011.12.04 13:03:21 | 000,248,916 | ---- | C] () -- C:\Users\10tacle\AppData\Local\census.cache
[2011.12.04 13:03:17 | 000,183,124 | ---- | C] () -- C:\Users\10tacle\AppData\Local\ars.cache
[2011.12.04 12:54:49 | 000,000,036 | ---- | C] () -- C:\Users\10tacle\AppData\Local\housecall.guid.cache
[2011.12.04 01:15:35 | 000,262,188 | ---- | C] () -- C:\radiation_box.tga
[2011.12.04 01:09:53 | 000,001,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011.12.04 01:09:53 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011.12.03 21:33:05 | 000,000,680 | ---- | C] () -- C:\Users\10tacle\AppData\Local\d3d9caps.dat
[2011.12.03 21:18:06 | 001,309,375 | ---- | C] () -- C:\Users\10tacle\Desktop\tdsskiller_2.5.5.0[1].zip
[2011.12.03 21:14:53 | 001,309,375 | ---- | C] () -- C:\Users\10tacle\Desktop\tdsskiller_2.5.5.0.zip
[2011.12.03 20:12:55 | 000,000,878 | ---- | C] () -- C:\Users\10tacle\Desktop\X-NetStat Professional.lnk
[2011.12.03 16:45:34 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job.bak
[2011.12.03 16:45:32 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job.bak
[2011.12.03 16:45:24 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.12.03 16:14:37 | 000,000,447 | -H-- | C] () -- C:\Users\10tacle\AppData\Roaming\vispa.ini
[2011.12.03 15:43:23 | 000,000,664 | ---- | C] () -- C:\Users\10tacle\Download - Verknüpfung.lnk
[2011.12.03 15:34:52 | 000,001,388 | ---- | C] () -- C:\Users\10tacle\Desktop\QuickStores.lnk
[2011.12.03 15:33:24 | 000,110,420 | ---- | C] () -- C:\Users\10tacle\Desktop\cc_20111203_153321.reg
[2011.12.03 14:12:51 | 000,000,859 | ---- | C] () -- C:\Users\10tacle\Desktop\Port Explorer.lnk
[2011.12.01 20:54:47 | 000,004,608 | ---- | C] () -- C:\Users\10tacle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.01 18:28:01 | 000,000,906 | ---- | C] () -- C:\Users\10tacle\Desktop\Sandboxed Web Browser.lnk
[2011.12.01 18:27:59 | 000,001,790 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.12.01 16:18:23 | 000,000,976 | ---- | C] () -- C:\Users\10tacle\Desktop\ID Install Watch.lnk
[2011.11.30 21:11:19 | 000,000,559 | ---- | C] () -- C:\Users\10tacle\Desktop\SvchostAnalyzer.exe - Verknüpfung.lnk
[2011.11.30 21:07:32 | 000,000,664 | ---- | C] () -- C:\Users\10tacle\Desktop\Download - Verknüpfung.lnk
[2011.11.30 20:56:23 | 000,000,165 | ---- | C] () -- C:\Users\10tacle\Documents\Dokument.rtf
[2011.11.28 17:45:58 | 000,001,891 | ---- | C] () -- C:\Users\10tacle\Desktop\Sophos Anti-Rootkit.lnk
[2011.11.27 18:30:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.11.26 21:54:20 | 000,153,415 | ---- | C] () -- C:\basic044.jpg
[2011.11.24 23:44:15 | 000,000,254 | ---- | C] () -- C:\Users\10tacle\Desktop\Dokjjjument.rtf
[2011.11.24 22:06:31 | 000,899,201 | ---- | C] () -- C:\lnd.jpg
[2011.11.24 21:56:59 | 472,706,037 | R--- | C] () -- C:\CINEMA4DR11010.zip
[2011.11.23 20:15:50 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Requiem.lnk
[2011.11.23 19:48:39 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.22 20:59:58 | 000,012,344 | ---- | C] () -- C:\particle.bmp
[2011.11.22 19:58:46 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011.11.22 19:55:50 | 000,000,679 | ---- | C] () -- C:\Users\10tacle\Desktop\Alice-Einwahl.lnk
[2011.11.22 19:35:58 | 000,042,982 | ---- | C] () -- C:\Windows\System32\pddsladp.dll
[2011.11.22 19:35:57 | 000,052,522 | ---- | C] () -- C:\Windows\System32\oemnpdsl.inf
[2011.11.22 19:35:48 | 000,000,111 | ---- | C] () -- C:\Windows\telephon.ini
[2011.11.22 19:34:31 | 000,000,847 | ---- | C] () -- C:\Users\10tacle\Desktop\sendings.rtf
[2011.11.22 19:18:21 | 000,000,974 | ---- | C] () -- C:\Users\10tacle\Desktop\VLCPortable.exe - Verknüpfung.lnk
[2011.11.22 17:32:29 | 000,000,816 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.22 17:32:29 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.22 16:26:17 | 096,389,910 | ---- | C] () -- C:\Users\10tacle\Documents\pcwVistaPE1.3a.zip
[2011.11.22 16:09:49 | 000,065,893 | ---- | C] () -- C:\Users\10tacle\Desktop\antivir_rootkit.zip
[2011.11.22 16:08:49 | 030,143,040 | ---- | C] () -- C:\Users\10tacle\Documents\avira_antivir_personal_de.exe
[2011.11.22 15:55:51 | 000,219,222 | ---- | C] () -- C:\Users\10tacle\Desktop\c_windiag___.dib
[2011.11.22 15:41:00 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\a-squared HiJackFree.lnk
[2011.11.22 15:31:37 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\LauschAngriff.lnk
[2011.11.22 15:31:35 | 000,000,020 | ---- | C] () -- C:\Windows\LauschAngriff.ini
[2011.11.21 22:48:11 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011.11.21 22:35:54 | 000,000,170 | -H-- | C] () -- C:\Users\10tacle\Desktop\Autorun.inf
[2011.11.21 22:12:49 | 000,000,510 | ---- | C] () -- C:\Users\10tacle\Desktop\Programme - Verknüpfung.lnk
[2011.11.21 00:24:59 | 000,000,015 | ---- | C] () -- C:\Users\10tacle\Desktop\settings.dat
[2011.11.20 23:38:31 | 000,000,895 | ---- | C] () -- C:\Users\10tacle\Desktop\xB Browser.lnk
[2011.11.20 01:13:52 | 000,001,109 | ---- | C] () -- C:\Users\10tacle\Desktop\cports.cfg
[2011.11.20 01:10:11 | 000,062,915 | ---- | C] () -- C:\Users\10tacle\Documents\cports.zip
[2011.11.19 21:34:20 | 000,000,000 | ---- | C] () -- C:\Users\10tacle\Desktop\gmer.reg
[2011.11.19 21:34:11 | 000,000,000 | ---- | C] () -- C:\Users\10tacle\Desktop\gmer.bat
[2011.11.19 21:34:06 | 000,026,384 | ---- | C] () -- C:\Users\10tacle\Documents\gmer_autostart.rtf
[2011.11.19 21:02:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.11.19 20:54:28 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011.11.19 20:45:17 | 000,465,298 | ---- | C] () -- C:\Users\10tacle\Desktop\rootrepeal.rar
[2011.11.19 19:17:46 | 000,000,293 | ---- | C] () -- C:\Users\10tacle\Desktop\Lokaler Datenträger (C) - Verknüpfung.lnk
[2011.11.19 19:17:39 | 000,000,280 | ---- | C] () -- C:\Users\10tacle\Desktop\Files (D) - Verknüpfung.lnk
[2011.11.19 19:17:32 | 000,000,199 | ---- | C] () -- C:\Users\10tacle\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2011.11.19 18:19:49 | 000,001,537 | ---- | C] () -- C:\Users\10tacle\Desktop\Windows Explorer.lnk
[2011.11.16 10:02:18 | 000,515,109 | ---- | C] () -- C:\Users\10tacle\Desktop\noscript-2.2.xpi
[2009.01.17 13:10:45 | 000,078,749 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.01.17 13:10:30 | 000,078,749 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.12 20:41:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.09.12 05:03:48 | 000,001,670 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.09.12 05:03:25 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.09.12 05:03:06 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.09.12 05:03:06 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.09.12 04:56:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.09.12 04:56:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.09.12 04:54:39 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.09.11 16:12:00 | 000,739,974 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.09.11 16:12:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.09.11 16:12:00 | 000,173,162 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.09.11 16:12:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.09.11 16:02:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2008.01.21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,368,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,688,510 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,140,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.12.07 21:05:27 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Canneverbe Limited
[2011.11.22 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Hansenet
[2011.11.26 20:24:44 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\MAXON
[2011.11.21 23:07:12 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Safer Networking
[2011.12.01 17:47:32 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\TrackWinstall
[2011.12.04 13:20:29 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\X-NetStat
[2011.12.14 17:35:56 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.23 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Adobe
[2011.12.07 21:05:27 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Canneverbe Limited
[2011.11.27 19:59:17 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\dvdcss
[2011.11.22 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Hansenet
[2010.12.07 18:28:03 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Identities
[2011.12.11 11:51:54 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\InstallShield Installation Information
[2011.11.23 17:16:02 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Macromedia
[2011.12.12 18:53:25 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Malwarebytes
[2011.11.26 20:24:44 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\MAXON
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Media Center Programs
[2011.12.07 21:34:09 | 000,000,000 | --SD | M] -- C:\Users\10tacle\AppData\Roaming\Microsoft
[2011.12.04 00:56:18 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Microsoft Corporation
[2011.11.22 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Mozilla
[2011.11.21 23:07:12 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\Safer Networking
[2011.12.01 17:47:32 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\TrackWinstall
[2011.12.10 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\vlc
[2011.12.05 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\WinRAR
[2011.12.04 13:20:29 | 000,000,000 | ---D | M] -- C:\Users\10tacle\AppData\Roaming\X-NetStat
 
< %APPDATA%\*.exe /s >
[2011.12.11 11:34:56 | 000,331,776 | ---- | M] () -- C:\Users\10tacle\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.22 07:33:26 | 000,396,312 | ---- | M] (Intel Corporation) MD5=5C62352AFF7F1FB36B2C19329F7C949D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.07.22 07:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.22 07:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.22 07:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_783fb8da\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >

--- --- ---



Regards
DH
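The "< MD5 for: ... >" sections in the OTL log above exist for one reason: a file-patching rootkit modifies a driver or system DLL in place, and the patched copy in System32 then no longer matches the pristine copies Windows keeps in the component store (winsxs) and the DriverStore. The following Python checker is an added example, not part of the thread and not OTL's own code: it parses those sections and flags any live system file whose hash matches none of its reference copies, or whose hash OTL could not read at all (as with user32.dll above). The sample input consists of lines copied from the log above plus one constructed section (CONSTRUCTED.SYS, with placeholder hashes); the path classification and the reason strings are this example's own convention.

```python
import re

# One entry line as OTL writes it inside a "< MD5 for: NAME >" custom-scan section:
# [date time | size | attrs | kind] (company) MD5=hash -- path
# The hash may be replaced by "Unable to obtain MD5" when the file is locked.
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")


def classify_path(path):
    """Example convention: where does this copy of the file live?"""
    p = path.lower()
    if "\\softwaredistribution\\" in p:
        return "pending"      # downloaded update, not yet installed: ignore
    if "\\winsxs\\" in p or "\\driverstore\\" in p:
        return "reference"    # pristine copy kept by Windows
    return "live"             # the copy actually loaded from System32


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' section."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line.startswith("<"):   # any other custom-scan header ends the section
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            sections[current].append({
                "path": entry.group("path"),
                "md5": (entry.group("md5") or "").upper() or None,
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "location": classify_path(entry.group("path")),
            })
    return sections


def check_md5_sections(sections):
    """Flag live copies that are unreadable or match no reference copy.

    Returns a list of (filename, reason, path) tuples; reasons are this
    example's own strings: unreadable, no_reference_copy, no_reference_match.
    """
    findings = []
    for name, entries in sections.items():
        reference_hashes = {e["md5"] for e in entries
                            if e["location"] == "reference" and e["md5"]}
        for e in entries:
            if e["location"] != "live":
                continue
            if e["md5"] is None:
                findings.append((name, "unreadable", e["path"]))
            elif not reference_hashes:
                findings.append((name, "no_reference_copy", e["path"]))
            elif e["md5"] not in reference_hashes:
                findings.append((name, "no_reference_match", e["path"]))
    return findings


# Constructed sample: the first three sections are copied from the OTL log in
# this thread; CONSTRUCTED.SYS and its placeholder hashes are made up to show a
# mismatch being reported.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: CONSTRUCTED.SYS  >
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Example Corp) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\drivers\constructed.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Example Corp) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\Windows\winsxs\x86_constructed_placeholder\constructed.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""


def run_sample():
    """Parse the sample and return the findings (two for the sample above)."""
    return check_md5_sections(parse_md5_sections(SAMPLE_LOG))


if __name__ == "__main__":
    for name, reason, path in run_sample():
        print(f"{name:16} {reason:20} {path}")
```

A file in the "pending" SoftwareDistribution folder is deliberately ignored: it is a newer version waiting to be installed and will never match the live copy. A live file that matches no reference copy is not proof of infection (a vendor driver installed outside the DriverStore looks the same), but it is exactly the set of files worth hashing against a known-good source or handing to a rootkit scanner, which is why the next step in this thread is TDSS-Killer.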

cosinus 15.12.2011 11:15

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.30 02:12:54 | 000,000,055 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e4540378-147d-11e1-837b-001377b0a5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{e4540378-147d-11e1-837b-001377b0a5dc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta
O33 - MountPoints2\{ef33160c-a0dc-11df-9858-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef33160c-a0dc-11df-9858-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FrameworkCheck.exe -- [2007.10.30 01:59:50 | 000,052,880 | R--- | M] ()
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1CA73D29
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script has been created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

DocHolliday 15.12.2011 23:44

Thanks! Here, to be safe, is the logfile once more:
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File E:\Autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4540378-147d-11e1-837b-001377b0a5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4540378-147d-11e1-837b-001377b0a5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4540378-147d-11e1-837b-001377b0a5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4540378-147d-11e1-837b-001377b0a5dc}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef33160c-a0dc-11df-9858-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef33160c-a0dc-11df-9858-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef33160c-a0dc-11df-9858-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef33160c-a0dc-11df-9858-806e6f6e6963}\ not found.
File E:\FrameworkCheck.exe not found.
ADS C:\ProgramData\TEMP:1CA73D29 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: 10tacle
->Temp folder emptied: 91707071 bytes
->Temporary Internet Files folder emptied: 2786965 bytes
->FireFox cache emptied: 412477977 bytes
->Flash cache emptied: 8438 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 1598796 bytes
->Temporary Internet Files folder emptied: 485166 bytes
->Flash cache emptied: 591 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42611136 bytes
RecycleBin emptied: 792843046 bytes
 
Total Files Cleaned = 1.282,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12152011_232426

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Is the system clean now?

Can I now "unlock" the defogger?

Regards
DH

cosinus 16.12.2011 10:46

Please now run this Kaspersky tool (TDSS-Killer) (in normal mode!) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool, and all files and folders should be visible again. (It could take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as Administrator!

DocHolliday 16.12.2011 14:48

OK!:

Code:

14:38:21.0702 0640        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
14:38:21.0764 0640        ============================================================
14:38:21.0764 0640        Current date / time: 2011/12/16 14:38:21.0764
14:38:21.0764 0640        SystemInfo:
14:38:21.0764 0640       
14:38:21.0764 0640        OS Version: 6.0.6001 ServicePack: 1.0
14:38:21.0764 0640        Product type: Workstation
14:38:21.0764 0640        ComputerName: LAPPI-10TACLE
14:38:21.0764 0640        UserName: 10tacle
14:38:21.0764 0640        Windows directory: C:\Windows
14:38:21.0764 0640        System windows directory: C:\Windows
14:38:21.0764 0640        Processor architecture: Intel x86
14:38:21.0764 0640        Number of processors: 2
14:38:21.0764 0640        Page size: 0x1000
14:38:21.0764 0640        Boot type: Normal boot
14:38:21.0764 0640        ============================================================
14:38:22.0248 0640        Initialize success
14:38:37.0739 3960        ============================================================
14:38:37.0739 3960        Scan started
14:38:37.0739 3960        Mode: Manual; SigCheck; TDLFS;
14:38:37.0739 3960        ============================================================
14:38:38.0019 3960        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:38:38.0097 3960        ACPI - ok
14:38:38.0144 3960        ADDMEM - ok
14:38:38.0316 3960        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:38:38.0331 3960        adp94xx - ok
14:38:38.0363 3960        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:38:38.0378 3960        adpahci - ok
14:38:38.0409 3960        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:38:38.0425 3960        adpu160m - ok
14:38:38.0441 3960        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:38:38.0441 3960        adpu320 - ok
14:38:38.0534 3960        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
14:38:38.0550 3960        AFD - ok
14:38:38.0612 3960        AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
14:38:38.0675 3960        AgereSoftModem - ok
14:38:38.0737 3960        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:38:38.0737 3960        agp440 - ok
14:38:38.0799 3960        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:38:38.0815 3960        aic78xx - ok
14:38:38.0862 3960        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:38:38.0862 3960        aliide - ok
14:38:38.0877 3960        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:38:38.0893 3960        amdagp - ok
14:38:38.0893 3960        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:38:38.0909 3960        amdide - ok
14:38:38.0924 3960        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:38:38.0940 3960        AmdK7 - ok
14:38:38.0955 3960        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:38:38.0971 3960        AmdK8 - ok
14:38:39.0002 3960        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:38:39.0018 3960        arc - ok
14:38:39.0033 3960        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:38:39.0049 3960        arcsas - ok
14:38:39.0174 3960        aswFsBlk        (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
14:38:39.0189 3960        aswFsBlk - ok
14:38:39.0236 3960        aswMonFlt      (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
14:38:39.0236 3960        aswMonFlt - ok
14:38:39.0299 3960        aswRdr          (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
14:38:39.0299 3960        aswRdr - ok
14:38:39.0345 3960        aswSnx          (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
14:38:39.0361 3960        aswSnx - ok
14:38:39.0470 3960        aswSP          (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
14:38:39.0470 3960        aswSP - ok
14:38:39.0517 3960        aswTdi          (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
14:38:39.0533 3960        aswTdi - ok
14:38:39.0564 3960        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:38:39.0595 3960        AsyncMac - ok
14:38:39.0611 3960        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
14:38:39.0611 3960        atapi - ok
14:38:39.0673 3960        athr            (91e15b0a1d6f7b99ace55d04c6d1544a) C:\Windows\system32\DRIVERS\athr.sys
14:38:39.0689 3960        athr - ok
14:38:39.0923 3960        AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\Windows\system32\DRIVERS\avgarkt.sys
14:38:39.0923 3960        AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - warning
14:38:39.0923 3960        AVG Anti-Rootkit - detected UnsignedFile.Multi.Generic (1)
14:38:39.0954 3960        AvgArCln        (ec08d1625f5c6cf2a57b79eb35186f8c) C:\Windows\system32\DRIVERS\AvgArCln.sys
14:38:39.0969 3960        AvgArCln ( UnsignedFile.Multi.Generic ) - warning
14:38:39.0969 3960        AvgArCln - detected UnsignedFile.Multi.Generic (1)
14:38:40.0110 3960        bcm4sbxp        (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
14:38:40.0157 3960        bcm4sbxp - ok
14:38:40.0172 3960        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:38:40.0203 3960        Beep - ok
14:38:40.0235 3960        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:38:40.0250 3960        blbdrive - ok
14:38:40.0297 3960        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
14:38:40.0313 3960        bowser - ok
14:38:40.0344 3960        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:38:40.0359 3960        BrFiltLo - ok
14:38:40.0375 3960        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:38:40.0391 3960        BrFiltUp - ok
14:38:40.0406 3960        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:38:40.0437 3960        Brserid - ok
14:38:40.0453 3960        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:38:40.0484 3960        BrSerWdm - ok
14:38:40.0500 3960        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:38:40.0547 3960        BrUsbMdm - ok
14:38:40.0547 3960        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:38:40.0593 3960        BrUsbSer - ok
14:38:40.0625 3960        BthEnum        (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
14:38:40.0640 3960        BthEnum - ok
14:38:40.0687 3960        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:38:40.0718 3960        BTHMODEM - ok
14:38:40.0765 3960        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
14:38:40.0796 3960        BthPan - ok
14:38:40.0827 3960        BTHPORT        (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
14:38:40.0843 3960        BTHPORT - ok
14:38:40.0859 3960        BTHUSB          (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
14:38:40.0874 3960        BTHUSB - ok
14:38:40.0921 3960        btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
14:38:40.0937 3960        btwaudio - ok
14:38:40.0952 3960        btwavdt        (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
14:38:40.0968 3960        btwavdt - ok
14:38:40.0999 3960        btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
14:38:40.0999 3960        btwrchid - ok
14:38:41.0046 3960        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:38:41.0061 3960        cdfs - ok
14:38:41.0093 3960        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
14:38:41.0108 3960        cdrom - ok
14:38:41.0124 3960        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:38:41.0139 3960        circlass - ok
14:38:41.0171 3960        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
14:38:41.0186 3960        CLFS - ok
14:38:41.0295 3960        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:38:41.0327 3960        CmBatt - ok
14:38:41.0327 3960        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:38:41.0342 3960        cmdide - ok
14:38:41.0342 3960        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:38:41.0358 3960        Compbatt - ok
14:38:41.0373 3960        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:38:41.0373 3960        crcdisk - ok
14:38:41.0405 3960        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:38:41.0420 3960        Crusoe - ok
14:38:41.0529 3960        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
14:38:41.0545 3960        DfsC - ok
14:38:41.0623 3960        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
14:38:41.0639 3960        disk - ok
14:38:41.0670 3960        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:38:41.0685 3960        drmkaud - ok
14:38:41.0748 3960        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
14:38:41.0763 3960        DXGKrnl - ok
14:38:41.0841 3960        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:38:41.0857 3960        E1G60 - ok
14:38:41.0888 3960        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
14:38:41.0904 3960        Ecache - ok
14:38:41.0935 3960        ElbyCDIO        (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
14:38:41.0951 3960        ElbyCDIO - ok
14:38:41.0982 3960        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:38:41.0997 3960        elxstor - ok
14:38:42.0044 3960        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:38:42.0075 3960        ErrDev - ok
14:38:42.0185 3960        esihdrv - ok
14:38:42.0372 3960        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
14:38:42.0387 3960        exfat - ok
14:38:42.0403 3960        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
14:38:42.0434 3960        fastfat - ok
14:38:42.0450 3960        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:38:42.0481 3960        fdc - ok
14:38:42.0559 3960        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:38:42.0575 3960        FileInfo - ok
14:38:42.0590 3960        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:38:42.0606 3960        Filetrace - ok
14:38:42.0621 3960        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:38:42.0637 3960        flpydisk - ok
14:38:42.0653 3960        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
14:38:42.0668 3960        FltMgr - ok
14:38:42.0699 3960        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:38:42.0715 3960        Fs_Rec - ok
14:38:42.0715 3960        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:38:42.0731 3960        gagp30kx - ok
14:38:42.0793 3960        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:38:42.0824 3960        HdAudAddService - ok
14:38:42.0840 3960        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:38:42.0871 3960        HDAudBus - ok
14:38:42.0887 3960        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:38:42.0918 3960        HidBth - ok
14:38:42.0933 3960        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:38:42.0965 3960        HidIr - ok
14:38:43.0011 3960        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
14:38:43.0043 3960        HidUsb - ok
14:38:43.0058 3960        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:38:43.0058 3960        HpCISSs - ok
14:38:43.0089 3960        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
14:38:43.0105 3960        HTTP - ok
14:38:43.0136 3960        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:38:43.0136 3960        i2omp - ok
14:38:43.0167 3960        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:38:43.0199 3960        i8042prt - ok
14:38:43.0401 3960        ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:38:43.0479 3960        ialm - ok
14:38:43.0526 3960        iaNvStor        (3e349157986c533e3cbeb8c1e17290bb) C:\Windows\system32\DRIVERS\iaNvStor.sys
14:38:43.0542 3960        iaNvStor - ok
14:38:43.0589 3960        iaStor          (abfebc5f846c71afebd7f8f6ba740c03) C:\Windows\system32\DRIVERS\iaStor.sys
14:38:43.0604 3960        iaStor - ok
14:38:43.0635 3960        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:38:43.0651 3960        iaStorV - ok
14:38:43.0667 3960        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:38:43.0667 3960        iirsp - ok
14:38:43.0760 3960        IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
14:38:43.0838 3960        IntcAzAudAddService - ok
14:38:43.0869 3960        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:38:43.0885 3960        intelide - ok
14:38:43.0916 3960        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:38:43.0932 3960        intelppm - ok
14:38:43.0963 3960        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:38:43.0979 3960        IpFilterDriver - ok
14:38:43.0994 3960        IpInIp - ok
14:38:44.0010 3960        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:38:44.0025 3960        IPMIDRV - ok
14:38:44.0041 3960        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:38:44.0057 3960        IPNAT - ok
14:38:44.0088 3960        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:38:44.0103 3960        IRENUM - ok
14:38:44.0119 3960        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:38:44.0135 3960        isapnp - ok
14:38:44.0150 3960        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
14:38:44.0150 3960        iScsiPrt - ok
14:38:44.0166 3960        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:38:44.0181 3960        iteatapi - ok
14:38:44.0197 3960        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:38:44.0197 3960        iteraid - ok
14:38:44.0213 3960        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:38:44.0213 3960        kbdclass - ok
14:38:44.0228 3960        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
14:38:44.0259 3960        kbdhid - ok
14:38:44.0291 3960        KMDFMEMIO      (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
14:38:44.0306 3960        KMDFMEMIO - ok
14:38:44.0353 3960        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
14:38:44.0369 3960        KSecDD - ok
14:38:44.0415 3960        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:38:44.0431 3960        lltdio - ok
14:38:44.0447 3960        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:38:44.0462 3960        LSI_FC - ok
14:38:44.0478 3960        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:38:44.0478 3960        LSI_SAS - ok
14:38:44.0509 3960        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:38:44.0525 3960        LSI_SCSI - ok
14:38:44.0525 3960        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:38:44.0556 3960        luafv - ok
14:38:44.0587 3960        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
14:38:44.0587 3960        MBAMProtector - ok
14:38:44.0649 3960        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:38:44.0649 3960        megasas - ok
14:38:44.0759 3960        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:38:44.0774 3960        MegaSR - ok
14:38:44.0805 3960        MEMSWEEP2 - ok
14:38:44.0821 3960        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:38:44.0852 3960        Modem - ok
14:38:44.0852 3960        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:38:44.0883 3960        monitor - ok
14:38:44.0899 3960        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:38:44.0899 3960        mouclass - ok
14:38:44.0915 3960        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:38:44.0930 3960        mouhid - ok
14:38:44.0946 3960        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:38:44.0961 3960        MountMgr - ok
14:38:44.0993 3960        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:38:44.0993 3960        mpio - ok
14:38:45.0008 3960        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:38:45.0024 3960        mpsdrv - ok
14:38:45.0039 3960        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:38:45.0055 3960        Mraid35x - ok
14:38:45.0071 3960        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:38:45.0086 3960        MRxDAV - ok
14:38:45.0117 3960        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:38:45.0133 3960        mrxsmb - ok
14:38:45.0149 3960        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:38:45.0164 3960        mrxsmb10 - ok
14:38:45.0180 3960        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:38:45.0180 3960        mrxsmb20 - ok
14:38:45.0227 3960        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:38:45.0242 3960        msahci - ok
14:38:45.0258 3960        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:38:45.0258 3960        msdsm - ok
14:38:45.0273 3960        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:38:45.0305 3960        Msfs - ok
14:38:45.0320 3960        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:38:45.0336 3960        msisadrv - ok
14:38:45.0367 3960        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:38:45.0383 3960        MSKSSRV - ok
14:38:45.0414 3960        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:38:45.0429 3960        MSPCLOCK - ok
14:38:45.0445 3960        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:38:45.0461 3960        MSPQM - ok
14:38:45.0476 3960        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:38:45.0492 3960        MsRPC - ok
14:38:45.0507 3960        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:38:45.0507 3960        mssmbios - ok
14:38:45.0539 3960        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:38:45.0554 3960        MSTEE - ok
14:38:45.0570 3960        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:38:45.0585 3960        Mup - ok
14:38:45.0632 3960        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
14:38:45.0648 3960        NativeWifiP - ok
14:38:45.0757 3960        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
14:38:45.0773 3960        NDIS - ok
14:38:45.0788 3960        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:38:45.0804 3960        NdisTapi - ok
14:38:45.0819 3960        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:38:45.0851 3960        Ndisuio - ok
14:38:45.0866 3960        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:38:45.0897 3960        NdisWan - ok
14:38:45.0897 3960        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:38:45.0929 3960        NDProxy - ok
14:38:45.0929 3960        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:38:45.0960 3960        NetBIOS - ok
14:38:45.0975 3960        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:38:46.0007 3960        netbt - ok
14:38:46.0085 3960        NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
14:38:46.0194 3960        NETw3v32 - ok
14:38:46.0350 3960        NETw5v32        (0b214c6a4728f085fb64a29ed9c4de94) C:\Windows\system32\DRIVERS\NETw5v32.sys
14:38:46.0459 3960        NETw5v32 - ok
14:38:46.0506 3960        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:38:46.0521 3960        nfrd960 - ok
14:38:46.0599 3960        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:38:46.0615 3960        Npfs - ok
14:38:46.0646 3960        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:38:46.0662 3960        nsiproxy - ok
14:38:46.0693 3960        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:38:46.0740 3960        Ntfs - ok
14:38:46.0771 3960        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:38:46.0802 3960        ntrigdigi - ok
14:38:46.0818 3960        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:38:46.0833 3960        Null - ok
14:38:46.0865 3960        NVHDA          (a103162c62c336c2cb3c5e1e2773d17b) C:\Windows\system32\drivers\nvhda32v.sys
14:38:46.0880 3960        NVHDA - ok
14:38:47.0083 3960        nvlddmkm        (c526b4a24ef951ef219c3bfa1534b152) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:38:47.0301 3960        nvlddmkm - ok
14:38:47.0348 3960        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:38:47.0364 3960        nvraid - ok
14:38:47.0364 3960        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:38:47.0379 3960        nvstor - ok
14:38:47.0395 3960        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:38:47.0411 3960        nv_agp - ok
14:38:47.0411 3960        NwlnkFlt - ok
14:38:47.0426 3960        NwlnkFwd - ok
14:38:47.0473 3960        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
14:38:47.0489 3960        ohci1394 - ok
14:38:47.0520 3960        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:38:47.0567 3960        Parport - ok
14:38:47.0567 3960        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:38:47.0582 3960        partmgr - ok
14:38:47.0598 3960        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:38:47.0629 3960        Parvdm - ok
14:38:47.0660 3960        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
14:38:47.0660 3960        pci - ok
14:38:47.0676 3960        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:38:47.0691 3960        pciide - ok
14:38:47.0691 3960        pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
14:38:47.0707 3960        pcmcia - ok
14:38:47.0754 3960        PDNMp50        (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\drivers\PDNMp50.sys
14:38:47.0754 3960        PDNMp50 - ok
14:38:47.0832 3960        PDNSp50        (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\drivers\PDNSp50.sys
14:38:47.0832 3960        PDNSp50 - ok
14:38:47.0925 3960        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:38:47.0988 3960        PEAUTH - ok
14:38:48.0035 3960        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:38:48.0066 3960        PptpMiniport - ok
14:38:48.0066 3960        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:38:48.0097 3960        Processor - ok
14:38:48.0144 3960        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
14:38:48.0159 3960        PSched - ok
14:38:48.0222 3960        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:38:48.0269 3960        ql2300 - ok
14:38:48.0284 3960        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:38:48.0300 3960        ql40xx - ok
14:38:48.0315 3960        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:38:48.0315 3960        QWAVEdrv - ok
14:38:48.0331 3960        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:38:48.0362 3960        RasAcd - ok
14:38:48.0362 3960        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:38:48.0393 3960        Rasl2tp - ok
14:38:48.0409 3960        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
14:38:48.0425 3960        RasPppoe - ok
14:38:48.0440 3960        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
14:38:48.0456 3960        RasSstp - ok
14:38:48.0487 3960        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
14:38:48.0518 3960        rdbss - ok
14:38:48.0534 3960        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:38:48.0549 3960        RDPCDD - ok
14:38:48.0581 3960        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:38:48.0596 3960        rdpdr - ok
14:38:48.0612 3960        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:38:48.0627 3960        RDPENCDD - ok
14:38:48.0643 3960        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
14:38:48.0674 3960        RDPWD - ok
14:38:48.0705 3960        RFCOMM          (10536b0ad6f416fc7f1149977c28ccdc) C:\Windows\system32\DRIVERS\rfcomm.sys
14:38:48.0721 3960        RFCOMM - ok
14:38:48.0830 3960        rkhdrv40        (d530716a10963578dd446df63ddab8fd) C:\Windows\system32\drivers\rkhdrv40.sys
14:38:48.0830 3960        rkhdrv40 ( UnsignedFile.Multi.Generic ) - warning
14:38:48.0830 3960        rkhdrv40 - detected UnsignedFile.Multi.Generic (1)
14:38:48.0893 3960        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:38:48.0908 3960        rspndr - ok
14:38:49.0002 3960        SbieDrv        (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys
14:38:49.0017 3960        SbieDrv - ok
14:38:49.0189 3960        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:38:49.0189 3960        sbp2port - ok
14:38:49.0220 3960        sdbus          (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
14:38:49.0236 3960        sdbus - ok
14:38:49.0251 3960        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:38:49.0283 3960        secdrv - ok
14:38:49.0329 3960        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:38:49.0361 3960        Serenum - ok
14:38:49.0392 3960        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:38:49.0407 3960        Serial - ok
14:38:49.0439 3960        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:38:49.0470 3960        sermouse - ok
14:38:49.0485 3960        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:38:49.0501 3960        sffdisk - ok
14:38:49.0517 3960        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:38:49.0532 3960        sffp_mmc - ok
14:38:49.0548 3960        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:38:49.0563 3960        sffp_sd - ok
14:38:49.0579 3960        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:38:49.0626 3960        sfloppy - ok
14:38:49.0641 3960        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:38:49.0641 3960        sisagp - ok
14:38:49.0657 3960        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:38:49.0673 3960        SiSRaid2 - ok
14:38:49.0673 3960        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:38:49.0688 3960        SiSRaid4 - ok
14:38:49.0704 3960        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
14:38:49.0735 3960        Smb - ok
14:38:49.0751 3960        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:38:49.0766 3960        spldr - ok
14:38:49.0829 3960        srv            (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
14:38:49.0844 3960        srv - ok
14:38:49.0891 3960        srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
14:38:49.0907 3960        srv2 - ok
14:38:49.0953 3960        srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
14:38:49.0969 3960        srvnet - ok
14:38:50.0016 3960        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:38:50.0016 3960        swenum - ok
14:38:50.0031 3960        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:38:50.0047 3960        Symc8xx - ok
14:38:50.0063 3960        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:38:50.0063 3960        Sym_hi - ok
14:38:50.0078 3960        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:38:50.0078 3960        Sym_u3 - ok
14:38:50.0125 3960        SynTP          (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
14:38:50.0141 3960        SynTP - ok
14:38:50.0203 3960        Tcpip          (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
14:38:50.0234 3960        Tcpip - ok
14:38:50.0281 3960        Tcpip6          (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
14:38:50.0312 3960        Tcpip6 - ok
14:38:50.0343 3960        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
14:38:50.0375 3960        tcpipreg - ok
14:38:50.0375 3960        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:38:50.0406 3960        TDPIPE - ok
14:38:50.0421 3960        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:38:50.0437 3960        TDTCP - ok
14:38:50.0453 3960        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
14:38:50.0468 3960        tdx - ok
14:38:50.0484 3960        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
14:38:50.0499 3960        TermDD - ok
14:38:50.0515 3960        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:38:50.0546 3960        tssecsrv - ok
14:38:50.0546 3960        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
14:38:50.0577 3960        tunnel - ok
14:38:50.0593 3960        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:38:50.0609 3960        uagp35 - ok
14:38:50.0624 3960        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
14:38:50.0655 3960        udfs - ok
14:38:50.0671 3960        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:38:50.0687 3960        uliagpkx - ok
14:38:50.0702 3960        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:38:50.0718 3960        uliahci - ok
14:38:50.0733 3960        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:38:50.0749 3960        UlSata - ok
14:38:50.0765 3960        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:38:50.0780 3960        ulsata2 - ok
14:38:50.0796 3960        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:38:50.0811 3960        umbus - ok
14:38:50.0889 3960        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:38:50.0889 3960        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
14:38:50.0889 3960        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
14:38:51.0061 3960        usbccgp        (afb10a231254a1920c3bb4a0d02e1ca6) C:\Windows\system32\DRIVERS\usbccgp.sys
14:38:51.0077 3960        usbccgp - ok
14:38:51.0092 3960        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:38:51.0139 3960        usbcir - ok
14:38:51.0170 3960        usbehci        (44245742c4ed2eafd69020583424455b) C:\Windows\system32\DRIVERS\usbehci.sys
14:38:51.0186 3960        usbehci - ok
14:38:51.0201 3960        usbhub          (db39b3f83af77bca019d7df6aaddbdae) C:\Windows\system32\DRIVERS\usbhub.sys
14:38:51.0217 3960        usbhub - ok
14:38:51.0248 3960        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:38:51.0295 3960        usbohci - ok
14:38:51.0326 3960        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:38:51.0357 3960        usbprint - ok
14:38:51.0389 3960        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:38:51.0404 3960        USBSTOR - ok
14:38:51.0451 3960        usbuhci        (587809974e43cfad0ca0ef6e1d940ca9) C:\Windows\system32\DRIVERS\usbuhci.sys
14:38:51.0467 3960        usbuhci - ok
14:38:51.0498 3960        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:38:51.0513 3960        usbvideo - ok
14:38:51.0545 3960        VClone          (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
14:38:51.0560 3960        VClone - ok
14:38:51.0591 3960        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:38:51.0623 3960        vga - ok
14:38:51.0654 3960        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:38:51.0669 3960        VgaSave - ok
14:38:51.0685 3960        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:38:51.0701 3960        viaagp - ok
14:38:51.0701 3960        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:38:51.0732 3960        ViaC7 - ok
14:38:51.0747 3960        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:38:51.0747 3960        viaide - ok
14:38:51.0779 3960        VMC302 - ok
14:38:51.0794 3960        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:38:51.0810 3960        volmgr - ok
14:38:51.0825 3960        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
14:38:51.0841 3960        volmgrx - ok
14:38:51.0857 3960        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
14:38:51.0872 3960        volsnap - ok
14:38:51.0888 3960        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:38:51.0903 3960        vsmraid - ok
14:38:51.0919 3960        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:38:51.0966 3960        WacomPen - ok
14:38:51.0981 3960        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:38:51.0997 3960        Wanarp - ok
14:38:51.0997 3960        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:38:52.0013 3960        Wanarpv6 - ok
14:38:52.0028 3960        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:38:52.0044 3960        Wd - ok
14:38:52.0075 3960        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:38:52.0091 3960        Wdf01000 - ok
14:38:52.0137 3960        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
14:38:52.0153 3960        WmiAcpi - ok
14:38:52.0184 3960        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:38:52.0200 3960        ws2ifsl - ok
14:38:52.0215 3960        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:38:52.0247 3960        WUDFRd - ok
14:38:52.0309 3960        yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
14:38:52.0325 3960        yukonwlh - ok
14:38:52.0356 3960        MBR (0x1B8)    (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
14:38:52.0715 3960        \Device\Harddisk0\DR0 - ok
14:38:52.0715 3960        Boot (0x1200)  (2f7653308f927570b6a36e8f414c4a78) \Device\Harddisk0\DR0\Partition0
14:38:52.0715 3960        \Device\Harddisk0\DR0\Partition0 - ok
14:38:52.0746 3960        Boot (0x1200)  (d488c1d1af35510964bed559113eaf49) \Device\Harddisk0\DR0\Partition1
14:38:52.0746 3960        \Device\Harddisk0\DR0\Partition1 - ok
14:38:52.0746 3960        ============================================================
14:38:52.0746 3960        Scan finished
14:38:52.0746 3960        ============================================================
14:38:52.0746 1352        Detected object count: 4
14:38:52.0746 1352        Actual detected object count: 4
14:43:57.0773 1352        AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - skipped by user
14:43:57.0773 1352        AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:43:57.0774 1352        AvgArCln ( UnsignedFile.Multi.Generic ) - skipped by user
14:43:57.0774 1352        AvgArCln ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:43:57.0775 1352        rkhdrv40 ( UnsignedFile.Multi.Generic ) - skipped by user
14:43:57.0775 1352        rkhdrv40 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:43:57.0777 1352        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:43:57.0777 1352        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Gruß

DH
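
As an added example (not part of this thread, and not TDSSKiller's own code), the following Python parser walks TDSSKiller log lines like the ones posted above, separates file/hash lines from verdict lines, reports every entry that ended in a warning or detection together with the action the user chose, and checks the tool's own "Detected object count" against what the excerpt actually contains, which exposes a partial paste. The sample lines are excerpted from the log above; the class and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines excerpted from the TDSSKiller log posted above, chosen to
# cover each line kind (file/hash, ok, warning, detected, MBR by device path, count, user action).
SAMPLE_LOG = r"""
14:38:48.0705 3960        RFCOMM          (10536b0ad6f416fc7f1149977c28ccdc) C:\Windows\system32\DRIVERS\rfcomm.sys
14:38:48.0721 3960        RFCOMM - ok
14:38:48.0830 3960        rkhdrv40        (d530716a10963578dd446df63ddab8fd) C:\Windows\system32\drivers\rkhdrv40.sys
14:38:48.0830 3960        rkhdrv40 ( UnsignedFile.Multi.Generic ) - warning
14:38:48.0830 3960        rkhdrv40 - detected UnsignedFile.Multi.Generic (1)
14:38:50.0889 3960        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:38:50.0889 3960        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
14:38:50.0889 3960        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
14:38:52.0356 3960        MBR (0x1B8)    (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
14:38:52.0715 3960        \Device\Harddisk0\DR0 - ok
14:38:52.0746 1352        Detected object count: 4
14:43:57.0775 1352        rkhdrv40 ( UnsignedFile.Multi.Generic ) - skipped by user
14:43:57.0775 1352        rkhdrv40 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line is "<time> <pid> <body>"; the body takes one of the forms below.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")          # name (md5) path
VERDICT_RE = re.compile(r"^(.+?)(?:\s+\(\s*(\S+)\s*\))?\s+-\s+(.+)$")  # name [( det )] - verdict
COUNT_RE = re.compile(r"^Detected object count:\s+(\d+)$")


@dataclass
class ScanItem:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"            # ok | warning | detected | unknown
    detection: Optional[str] = None    # e.g. UnsignedFile.Multi.Generic
    user_action: Optional[str] = None  # what the user chose in the dialog, if logged


@dataclass
class ScanReport:
    items: Dict[str, ScanItem]
    reported_count: Optional[int] = None  # TDSSKiller's own "Detected object count"

    def detected(self) -> List[ScanItem]:
        return [i for i in self.items.values() if i.status == "detected"]

    def count_matches(self) -> bool:
        # False when the pasted log is incomplete: the tool counted more than we can see.
        return self.reported_count is not None and self.reported_count == len(self.detected())


def parse_tdsskiller_log(text: str) -> ScanReport:
    items: Dict[str, ScanItem] = {}
    by_path: Dict[str, ScanItem] = {}  # MBR/boot verdicts are keyed by device path, not name
    reported = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        body = m.group(3).strip()
        cm = COUNT_RE.match(body)
        if cm:
            reported = int(cm.group(1))
            continue
        fm = FILE_RE.match(body)
        if fm:
            name, md5, path = fm.groups()
            item = items.setdefault(name, ScanItem(name))
            item.md5, item.path = md5, path
            by_path[path] = item
            continue
        vm = VERDICT_RE.match(body)
        if not vm:
            continue
        name, detection, verdict = vm.groups()
        item = items.get(name) or by_path.get(name)
        if item is None:  # verdict without a file line, e.g. "esihdrv - ok" in the log above
            item = items.setdefault(name, ScanItem(name))
        if detection:
            item.detection = detection
        if verdict in ("ok", "warning"):
            item.status = verdict
        elif verdict.startswith("detected"):
            item.status, item.detection = "detected", verdict.split()[1]
        elif verdict == "skipped by user":
            item.user_action = "skipped"
        elif verdict.startswith("User select action:"):
            item.user_action = verdict.split(":", 1)[1].strip()
    return ScanReport(items, reported)


def triage(report: ScanReport) -> List[dict]:
    """Everything that did not end with a plain 'ok', with the user's chosen action."""
    return [
        {"name": i.name, "path": i.path, "status": i.status,
         "detection": i.detection, "user_action": i.user_action}
        for i in report.items.values() if i.status != "ok"
    ]
```

Run `triage(parse_tdsskiller_log(SAMPLE_LOG))` on the excerpt: it lists the two unsigned-driver hits, and `count_matches()` is False because the tool counted four objects while the excerpt only carries two.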

cosinus 16.12.2011 14:55

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a board helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

DocHolliday 17.12.2011 11:33

Hi!

Combofix Logfile:

Code:

ComboFix 11-12-16.03 - 10tacle 17.12.2011   9:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.2076 [GMT 1:00]
ausgeführt von:: c:\users\10tacle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\10tacle\AppData\Local\ARS~1.CAC
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-17 bis 2011-12-17  ))))))))))))))))))))))))))))))
.
.
2011-12-17 08:35 . 2011-12-17 08:36        --------        d-----w-        c:\users\10tacle\AppData\Local\temp
2011-12-17 08:35 . 2011-12-17 08:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-16 05:33 . 2011-12-16 13:50        --------        d-----w-        c:\users\10tacle\AppData\Roaming\vlc
2011-12-15 22:24 . 2011-12-15 22:24        --------        d-----w-        C:\_OTL
2011-12-12 17:53 . 2011-12-12 17:53        --------        d-----w-        c:\users\10tacle\AppData\Roaming\Malwarebytes
2011-12-12 17:53 . 2011-12-12 17:53        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-12 17:53 . 2011-12-12 17:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-12 17:53 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-11 10:51 . 2011-12-11 10:51        --------        d-----w-        c:\users\10tacle\AppData\Roaming\InstallShield Installation Information
2011-12-11 10:36 . 2011-12-11 10:36        --------        d-----w-        c:\program files\Unreal Tournament 3 (LG)
2011-12-11 10:35 . 2011-12-11 10:35        --------        d-----w-        c:\windows\system32\AGEIA
2011-12-11 10:35 . 2011-12-11 10:35        --------        d-----w-        c:\program files\AGEIA Technologies
2011-12-10 18:29 . 2011-12-15 18:59        --------        d-----w-        c:\program files\RootKit Hook Analyzer
2011-12-10 18:29 . 2007-07-06 23:39        19248        ----a-w-        c:\windows\system32\drivers\rspsc32.sys
2011-12-10 17:39 . 2007-01-18 12:00        3968        ----a-w-        c:\windows\system32\drivers\AvgArCln.sys
2011-12-10 17:37 . 2011-12-15 18:58        24320        ----a-w-        c:\windows\system32\drivers\rkhdrv40.sys
2011-12-10 17:36 . 2011-12-10 17:36        --------        d-----w-        c:\program files\RkUnhooker
2011-12-07 20:05 . 2011-12-07 20:05        --------        d-----w-        c:\users\10tacle\AppData\Roaming\Canneverbe Limited
2011-12-07 20:05 . 2011-12-07 20:05        --------        d-----w-        c:\programdata\Canneverbe Limited
2011-12-04 00:08 . 2011-12-04 00:09        --------        d-----w-        c:\program files\Paint.NET
2011-12-04 00:08 . 2011-12-04 00:10        --------        d-----w-        c:\users\10tacle\AppData\Local\Paint.NET
2011-12-03 23:56 . 2011-12-03 23:56        --------        d-----w-        c:\users\10tacle\AppData\Roaming\Microsoft Corporation
2011-12-03 19:13 . 2011-12-04 12:20        --------        d-----w-        c:\users\10tacle\AppData\Roaming\X-NetStat
2011-12-03 19:12 . 2011-12-03 19:12        --------        d-----w-        c:\program files\X-NetStat Professional
2011-12-03 18:33 . 2011-12-03 18:33        --------        d-----w-        c:\users\User
2011-12-03 16:24 . 2011-12-03 16:24        --------        d-----w-        c:\program files\Sygate
2011-12-03 16:23 . 2011-12-11 10:35        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2011-12-03 15:45 . 2011-12-03 15:45        --------        d-----w-        c:\users\10tacle\AppData\Local\Google
2011-12-03 15:45 . 2011-12-03 15:45        --------        d-----w-        c:\program files\Google
2011-12-03 15:45 . 2011-11-28 17:53        435032        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-12-03 15:45 . 2011-11-28 17:53        314456        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-12-03 15:45 . 2011-11-28 17:52        34392        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-12-03 15:45 . 2011-11-28 17:52        52952        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-12-03 15:45 . 2011-11-28 17:51        20568        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 15:45 . 2011-11-28 17:52        55128        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-12-03 15:44 . 2011-11-28 18:01        41184        ----a-w-        c:\windows\avastSS.scr
2011-12-03 15:44 . 2011-11-28 18:01        199816        ----a-w-        c:\windows\system32\aswBoot.exe
2011-12-03 15:44 . 2011-12-03 15:44        --------        d-----w-        c:\programdata\AVAST Software
2011-12-03 15:44 . 2011-12-03 15:44        --------        d-----w-        c:\program files\AVAST Software
2011-12-03 14:34 . 2011-12-03 14:34        --------        d-----w-        c:\program files\Unlocker
2011-12-03 13:12 . 2011-12-03 13:12        --------        d-----w-        c:\program files\Port Explorer
2011-12-03 13:12 . 2006-10-23 13:32        40960        ----a-w-        c:\windows\system32\dcsws2.dll
2011-12-03 13:12 . 1999-03-12 13:31        7440        ----a-w-        c:\windows\system32\sporder.dll
2011-12-01 18:55 . 2011-12-01 18:55        --------        d-----r-        C:\Sandbox
2011-12-01 17:27 . 2011-12-01 17:27        --------        d-----w-        c:\program files\Sandboxie
2011-12-01 16:47 . 2011-12-01 16:47        --------        d-----w-        c:\users\10tacle\AppData\Roaming\TrackWinstall
2011-12-01 16:40 . 2011-12-01 16:41        --------        d-----w-        c:\program files\Takatis - A Tribute To Manfred Trenz
2011-12-01 15:18 . 2011-12-01 15:18        --------        d-----w-        c:\program files\ID Security Suite
2011-11-29 17:16 . 2011-12-03 16:16        --------        d-----w-        c:\programdata\CPA_VA
2011-11-28 22:17 . 2011-11-28 22:21        --------        d-----w-        c:\users\10tacle\AppData\Local\PRT Demo
2011-11-28 19:29 . 2011-11-28 19:29        --------        d-----w-        c:\users\10tacle\AppData\Local\Apps
2011-11-27 18:59 . 2011-11-27 18:59        --------        d-----w-        c:\users\10tacle\AppData\Roaming\dvdcss-BackupByVLCPortable
2011-11-27 17:30 . 2011-06-21 10:24        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-26 19:24 . 2011-11-26 19:24        --------        d-----w-        c:\users\10tacle\AppData\Roaming\MAXON
2011-11-26 19:06 . 2011-11-26 19:18        --------        d-----w-        C:\c4d
2011-11-24 16:35 . 2011-11-24 16:35        --------        d-----w-        c:\users\10tacle\AppData\Local\Comodo
2011-11-24 05:37 . 2010-09-06 16:24        125952        ----a-w-        c:\windows\system32\srvsvc.dll
2011-11-24 05:37 . 2010-09-06 16:23        17920        ----a-w-        c:\windows\system32\netevent.dll
2011-11-24 05:36 . 2009-08-24 12:16        378368        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-23 20:26 . 2011-11-23 20:26        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-11-23 20:17 . 2008-06-20 01:14        105016        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-11-23 20:17 . 2008-06-20 01:14        97800        ----a-w-        c:\windows\system32\infocardapi.dll
2011-11-23 20:17 . 2008-06-20 01:14        37384        ----a-w-        c:\windows\system32\infocardcpl.cpl
2011-11-23 20:17 . 2008-06-20 01:14        11264        ----a-w-        c:\windows\system32\icardres.dll
2011-11-23 20:17 . 2008-06-20 01:14        622080        ----a-w-        c:\windows\system32\icardagt.exe
2011-11-23 20:17 . 2008-06-20 01:14        781344        ----a-w-        c:\windows\system32\PresentationNative_v0300.dll
2011-11-23 20:14 . 2008-07-27 18:03        158720        ----a-w-        c:\windows\system32\mscorier.dll
2011-11-23 20:13 . 2008-07-27 18:03        83968        ----a-w-        c:\windows\system32\mscories.dll
2011-11-23 19:13 . 2011-11-23 19:13        --------        d-----w-        c:\program files\Gravity
2011-11-23 19:01 . 2011-11-23 19:01        --------        d-----w-        C:\VritualRoot
2011-11-23 16:51 . 2011-12-01 15:00        --------        d-----w-        C:\574a2e6a41ff2f6b493a5270bd31b0e8
2011-11-23 16:16 . 2011-11-23 16:16        --------        d-----w-        c:\users\10tacle\dwhelper
2011-11-23 16:16 . 2008-04-30 05:36        454656        ----a-w-        c:\program files\Common Files\System\msadc\msadce.dll
2011-11-23 16:14 . 2010-02-12 10:48        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-11-23 16:12 . 2011-11-23 16:12        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 16:08 . 2010-02-20 23:39        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2011-11-23 16:08 . 2010-02-20 21:18        411136        ----a-w-        c:\windows\system32\drivers\http.sys
2011-11-23 16:08 . 2010-02-20 23:37        31232        ----a-w-        c:\windows\system32\httpapi.dll
2011-11-22 19:36 . 2009-08-10 13:05        351232        ----a-w-        c:\windows\system32\WSDApi.dll
2011-11-22 19:24 . 2010-06-02 03:55        74072        ----a-w-        c:\windows\system32\XAPOFX1_5.dll
2011-11-22 19:24 . 2010-06-02 03:55        527192        ----a-w-        c:\windows\system32\XAudio2_7.dll
2011-11-22 19:24 . 2010-06-02 03:55        239960        ----a-w-        c:\windows\system32\xactengine3_7.dll
2011-11-22 19:24 . 2010-05-26 10:41        2106216        ----a-w-        c:\windows\system32\D3DCompiler_43.dll
2011-11-22 19:24 . 2010-05-26 10:41        470880        ----a-w-        c:\windows\system32\d3dx10_43.dll
2011-11-22 19:24 . 2010-05-26 10:41        248672        ----a-w-        c:\windows\system32\d3dx11_43.dll
2011-11-22 19:24 . 2010-05-26 10:41        1868128        ----a-w-        c:\windows\system32\d3dcsx_43.dll
2011-11-22 19:24 . 2010-05-26 10:41        1998168        ----a-w-        c:\windows\system32\D3DX9_43.dll
2011-11-22 19:24 . 2010-02-04 09:01        74072        ----a-w-        c:\windows\system32\XAPOFX1_4.dll
2011-11-22 19:24 . 2010-02-04 09:01        528216        ----a-w-        c:\windows\system32\XAudio2_6.dll
2011-11-22 19:24 . 2010-02-04 09:01        238936        ----a-w-        c:\windows\system32\xactengine3_6.dll
2011-11-22 19:22 . 2011-11-22 19:22        --------        d-----w-        c:\users\10tacle\AppData\Local\Microsoft Help
2011-11-22 19:22 . 2011-11-22 19:21        111960        ----a-w-        c:\windows\dxsdkuninst.exe
2011-11-22 19:22 . 2011-11-22 19:24        --------        d-----w-        c:\program files\Microsoft DirectX SDK (June 2010)
2011-11-22 19:02 . 2011-11-23 15:51        --------        d-----w-        c:\programdata\Comodo
2011-11-22 19:02 . 2011-11-22 19:02        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2011-11-22 19:02 . 2011-11-22 19:02        1700352        ----a-w-        c:\windows\system32\gdiplus.dll
2011-11-22 19:02 . 2011-11-22 19:02        1060864        ----a-w-        c:\windows\system32\mfc71.dll
2011-11-22 19:01 . 2010-06-11 15:30        1257472        ----a-w-        c:\windows\system32\msxml3.dll
2011-11-22 19:01 . 2011-11-22 19:02        --------        d-----w-        c:\programdata\Comodo Downloader
2011-11-22 19:01 . 2008-08-12 03:39        443392        ----a-w-        c:\windows\system32\win32spl.dll
2011-11-22 19:01 . 2008-08-02 03:26        36864        ----a-w-        c:\windows\system32\cdd.dll
2011-11-22 19:01 . 2008-08-02 01:01        625152        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-11-22 19:01 . 2008-06-26 03:29        565248        ----a-w-        c:\windows\system32\emdmgmt.dll
2011-11-22 19:01 . 2008-06-26 03:29        45056        ----a-w-        c:\windows\system32\dataclen.dll
2011-11-22 19:01 . 2010-10-28 12:56        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-22 18:59 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\system32\atmfd.dll
2011-11-22 18:58 . 2011-02-22 12:51        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-11-22 18:57 . 2009-06-10 12:12        160256        ----a-w-        c:\windows\system32\wkssvc.dll
2011-11-22 18:56 . 2009-03-03 04:40        499200        ----a-w-        c:\windows\system32\wbem\WmiPrvSD.dll
2011-11-22 18:55 . 2011-11-22 18:55        --------        d-----w-        c:\users\10tacle\AppData\Roaming\Hansenet
2011-11-22 18:55 . 2011-11-22 18:55        --------        d-----w-        c:\program files\Alice Software
2011-11-22 18:35 . 2005-05-05 20:39        42982        ----a-w-        c:\windows\system32\pddsladp.dll
2011-11-22 18:35 . 2005-05-05 20:38        15187        ----a-w-        c:\windows\system32\drivers\pddslhnd.sys
2011-11-22 18:35 . 2005-05-05 20:35        15571        ----a-w-        c:\windows\system32\drivers\pddsladp.sys
2011-11-22 18:26 . 2010-08-31 15:40        531968        ----a-w-        c:\windows\system32\comctl32.dll
2011-11-22 18:26 . 2009-04-02 12:37        604672        ----a-w-        c:\windows\system32\WMSPDMOD.DLL
2011-11-22 18:26 . 2009-12-28 12:32        22528        ----a-w-        c:\windows\system32\msyuv.dll
2011-11-22 18:26 . 2009-12-28 12:32        31744        ----a-w-        c:\windows\system32\msvidc32.dll
2011-11-22 18:26 . 2009-12-28 12:32        13312        ----a-w-        c:\windows\system32\msrle32.dll
2011-11-22 18:26 . 2009-12-28 12:35        11776        ----a-w-        c:\windows\system32\tsbyuv.dll
2011-11-22 18:26 . 2009-12-28 12:31        50176        ----a-w-        c:\windows\system32\iyuv_32.dll
2011-11-22 18:26 . 2009-12-28 12:28        91136        ----a-w-        c:\windows\system32\avifil32.dll
2011-11-22 18:25 . 2009-12-28 12:32        123904        ----a-w-        c:\windows\system32\msvfw32.dll
2011-11-22 18:25 . 2009-12-28 12:31        82944        ----a-w-        c:\windows\system32\mciavi32.dll
2011-11-22 18:25 . 2009-12-28 12:28        65024        ----a-w-        c:\windows\system32\avicap32.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        122512        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk.disabled
backup=c:\windows\pss\BTTray.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-11-23 13:17        442640        ----a-w-        c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44        85160        ----a-w-        c:\program files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CisPostUninstall"="c:\users\10tacle\AppData\Local\Temp\cis6344.exe" --PostUninstall
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 ADDMEM;ADDMEM;c:\users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 BAIIQIX;BAIIQIX;c:\users\10tacle\AppData\Local\Temp\BAIIQIX.exe [x]
R3 DDFPVSEE;DDFPVSEE;c:\users\10tacle\AppData\Local\Temp\DDFPVSEE.exe [x]
R3 ENAXITTPPCKHEU;ENAXITTPPCKHEU;c:\users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe [x]
R3 esihdrv;esihdrv;c:\users\10tacle\AppData\Local\Temp\esihdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2A99.tmp [x]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
R3 WABGQEVHZOI;WABGQEVHZOI;c:\users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ           BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\dcsws2.dll
FF - ProfilePath - c:\users\10tacle\AppData\Roaming\Mozilla\Firefox\Profiles\4hv8ckb0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-17 09:36
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A99.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\dcsws2.dll
.
Zeit der Fertigstellung: 2011-12-17  09:38:13
ComboFix-quarantined-files.txt  2011-12-17 08:38
.
Vor Suchlauf: 10 Verzeichnis(se), 80.507.445.248 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 80.453.136.384 Bytes frei
.
- - End Of File - - 4ACED62C72D24CA3438FEC78E6A7A93E


--- --- ---

I won't be in the country until 6.1 (holiday)!
We'll have to continue the disinfection in the new year.

Many thanks for now! :dankeschoen:
Merry Christmas and a happy New Year!

DH
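
The service list in the log above (lines such as "R3 BAIIQIX;BAIIQIX;c:\users\10tacle\AppData\Local\Temp\BAIIQIX.exe [x]") is the part a helper reads first: a service whose image lives in a Temp folder, has a .tmp extension, or is reported missing ([x]) deserves a closer look. The Python below is an added example, not ComboFix output and not code from this thread; it parses lines of that shape and lists the entries worth reviewing. The sample lines are constructed after the posted log, and the path heuristics (Temp/AppData location, .tmp extension, missing file) are the example's own assumptions, not ComboFix's rules.

```python
"""Triage of ComboFix-style service lines (added example, not ComboFix code).

Each service line has the shape
    <start> <name>;<display name>;<image path> [<date size> | x]
where "[x]" means ComboFix could not find the file on disk.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the service lines in the posted log.
SAMPLE_LOG = r"""
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 BAIIQIX;BAIIQIX;c:\users\10tacle\AppData\Local\Temp\BAIIQIX.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2A99.tmp [x]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S1 aswSnx;aswSnx; [x]
"""

# R0-R4 / S0-S4 start types, then the three semicolon-separated fields and the bracketed meta.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+"
    r"(?P<name>[^;]*);"
    r"(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*"
    r"\[(?P<meta>[^\]]*)\]\s*$"
)

# Heuristic (assumption of this example): images under a Temp or AppData folder are unusual for services.
TEMP_OR_PROFILE_RE = re.compile(r"\\(temp|appdata)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    missing: bool  # True when ComboFix printed "[x]"


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for anything that is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        start=m["start"],
        name=m["name"].strip(),
        display=m["display"].strip(),
        path=m["path"].strip(),
        missing=m["meta"].strip().lower() == "x",
    )


def assess(entry: ServiceEntry) -> List[str]:
    """Return the review reasons for one entry (empty list = nothing unusual)."""
    reasons: List[str] = []
    if not entry.path:
        reasons.append("no-image-path")
    else:
        if TEMP_OR_PROFILE_RE.search(entry.path):
            reasons.append("temp-or-profile-path")
        if entry.path.lower().endswith(".tmp"):
            reasons.append("tmp-extension")
    if entry.missing:
        reasons.append("missing-file")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Collect every service line that has at least one review reason."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry.name, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:<12} {f.path or '<no path>':<60} {', '.join(f.reasons)}")
```

Flagged is not the same as malicious: the avast drivers in the posted log are also listed with [x] and no path, and security tools often load their drivers from Temp, so the output is a review queue to check against the software actually installed, not a verdict.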

DocHolliday 17.12.2011 18:47

Oh, I have one more question!
Under Start - Settings - Network Connections nothing is displayed.
The network card etc. aren't shown at all!
When I try to switch on network discovery (Control Panel), I get the error message
"Netzwerk und Freigabecenter:Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden"
Have we now broken something vital while disinfecting???
:headbang:

Merry Christmas and a happy New Year again!

DH

cosinus 17.12.2011 20:53

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Dequarantine::
c:\programdata\Roaming
Quit::

3. In Notepad, save it as CFScript.txt on the desktop.

4. Deactivate the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

DocHolliday 17.12.2011 21:55

Evening!
I wrote the script and ran it through Combofix, but the network display still doesn't work!
Did I do something wrong? :balla:


Regards
DH

Combofix Logfile:

Code:

ComboFix 11-12-16.03 - 10tacle 17.12.2011  21:34:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3066.2228 [GMT 1:00]
ausgeführt von:: c:\users\10tacle\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\10tacle\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-17 bis 2011-12-17  ))))))))))))))))))))))))))))))
.
.
2011-12-17 20:41 . 2011-12-17 20:41        --------        d-----w-        c:\users\10tacle\AppData\Local\temp
2011-12-17 20:41 . 2011-12-17 20:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-15 22:24 . 2011-12-15 22:24        --------        d-----w-        C:\_OTL
2011-12-12 17:53 . 2011-12-12 17:53        --------        d-----w-        c:\users\10tacle\AppData\Roaming\Malwarebytes
2011-12-12 17:53 . 2011-12-12 17:53        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-12 17:53 . 2011-12-12 17:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-12 17:53 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-11 10:51 . 2011-12-11 10:51        --------        d-----w-        c:\users\10tacle\AppData\Roaming\InstallShield Installation Information
2011-12-11 10:36 . 2011-12-11 10:36        --------        d-----w-        c:\program files\Unreal Tournament 3 (LG)
2011-12-11 10:35 . 2011-12-11 10:35        --------        d-----w-        c:\windows\system32\AGEIA
2011-12-11 10:35 . 2011-12-11 10:35        --------        d-----w-        c:\program files\AGEIA Technologies
2011-12-10 18:29 . 2011-12-15 18:59        --------        d-----w-        c:\program files\RootKit Hook Analyzer
2011-12-10 18:29 . 2007-07-06 23:39        19248        ----a-w-        c:\windows\system32\drivers\rspsc32.sys
2011-12-10 17:39 . 2007-01-18 12:00        3968        ----a-w-        c:\windows\system32\drivers\AvgArCln.sys
2011-12-10 17:37 . 2011-12-15 18:58        24320        ----a-w-        c:\windows\system32\drivers\rkhdrv40.sys
2011-12-10 17:36 . 2011-12-10 17:36        --------        d-----w-        c:\program files\RkUnhooker
2011-12-07 20:05 . 2011-12-07 20:05        --------        d-----w-        c:\users\10tacle\AppData\Roaming\Canneverbe Limited
2011-12-07 20:05 . 2011-12-07 20:05        --------        d-----w-        c:\programdata\Canneverbe Limited
2011-12-04 00:08 . 2011-12-04 00:09        --------        d-----w-        c:\program files\Paint.NET
2011-12-04 00:08 . 2011-12-04 00:10        --------        d-----w-        c:\users\10tacle\AppData\Local\Paint.NET
2011-12-03 23:56 . 2011-12-03 23:56        --------        d-----w-        c:\users\10tacle\AppData\Roaming\Microsoft Corporation
2011-12-03 19:13 . 2011-12-04 12:20        --------        d-----w-        c:\users\10tacle\AppData\Roaming\X-NetStat
2011-12-03 19:12 . 2011-12-03 19:12        --------        d-----w-        c:\program files\X-NetStat Professional
2011-12-03 18:33 . 2011-12-03 18:33        --------        d-----w-        c:\users\User
2011-12-03 16:24 . 2011-12-03 16:24        --------        d-----w-        c:\program files\Sygate
2011-12-03 16:23 . 2011-12-11 10:35        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2011-12-03 15:45 . 2011-12-03 15:45        --------        d-----w-        c:\users\10tacle\AppData\Local\Google
2011-12-03 15:45 . 2011-12-03 15:45        --------        d-----w-        c:\program files\Google
2011-12-03 15:45 . 2011-11-28 17:53        435032        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-12-03 15:45 . 2011-11-28 17:53        314456        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-12-03 15:45 . 2011-11-28 17:52        34392        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-12-03 15:45 . 2011-11-28 17:52        52952        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-12-03 15:45 . 2011-11-28 17:51        20568        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 15:45 . 2011-11-28 17:52        55128        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-12-03 15:44 . 2011-11-28 18:01        41184        ----a-w-        c:\windows\avastSS.scr
2011-12-03 15:44 . 2011-11-28 18:01        199816        ----a-w-        c:\windows\system32\aswBoot.exe
2011-12-03 15:44 . 2011-12-03 15:44        --------        d-----w-        c:\programdata\AVAST Software
2011-12-03 15:44 . 2011-12-03 15:44        --------        d-----w-        c:\program files\AVAST Software
2011-12-03 14:34 . 2011-12-03 14:34        --------        d-----w-        c:\program files\Unlocker
2011-12-03 13:12 . 2011-12-03 13:12        --------        d-----w-        c:\program files\Port Explorer
2011-12-03 13:12 . 2006-10-23 13:32        40960        ----a-w-        c:\windows\system32\dcsws2.dll
2011-12-03 13:12 . 1999-03-12 13:31        7440        ----a-w-        c:\windows\system32\sporder.dll
2011-12-01 18:55 . 2011-12-01 18:55        --------        d-----r-        C:\Sandbox
2011-12-01 17:27 . 2011-12-01 17:27        --------        d-----w-        c:\program files\Sandboxie
2011-12-01 16:47 . 2011-12-01 16:47        --------        d-----w-        c:\users\10tacle\AppData\Roaming\TrackWinstall
2011-12-01 16:40 . 2011-12-01 16:41        --------        d-----w-        c:\program files\Takatis - A Tribute To Manfred Trenz
2011-12-01 15:18 . 2011-12-01 15:18        --------        d-----w-        c:\program files\ID Security Suite
2011-11-29 17:16 . 2011-12-03 16:16        --------        d-----w-        c:\programdata\CPA_VA
2011-11-28 22:17 . 2011-11-28 22:21        --------        d-----w-        c:\users\10tacle\AppData\Local\PRT Demo
2011-11-28 19:29 . 2011-11-28 19:29        --------        d-----w-        c:\users\10tacle\AppData\Local\Apps
2011-11-27 18:59 . 2011-11-27 18:59        --------        d-----w-        c:\users\10tacle\AppData\Roaming\dvdcss
2011-11-27 17:30 . 2011-06-21 10:24        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2011-11-26 19:24 . 2011-11-26 19:24        --------        d-----w-        c:\users\10tacle\AppData\Roaming\MAXON
2011-11-26 19:06 . 2011-11-26 19:18        --------        d-----w-        C:\c4d
2011-11-24 16:35 . 2011-11-24 16:35        --------        d-----w-        c:\users\10tacle\AppData\Local\Comodo
2011-11-24 05:37 . 2010-09-06 16:24        125952        ----a-w-        c:\windows\system32\srvsvc.dll
2011-11-24 05:37 . 2010-09-06 16:23        17920        ----a-w-        c:\windows\system32\netevent.dll
2011-11-24 05:36 . 2009-08-24 12:16        378368        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-23 20:26 . 2011-11-23 20:26        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-11-23 20:17 . 2008-06-20 01:14        105016        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-11-23 20:17 . 2008-06-20 01:14        97800        ----a-w-        c:\windows\system32\infocardapi.dll
2011-11-23 20:17 . 2008-06-20 01:14        37384        ----a-w-        c:\windows\system32\infocardcpl.cpl
2011-11-23 20:17 . 2008-06-20 01:14        11264        ----a-w-        c:\windows\system32\icardres.dll
2011-11-23 20:17 . 2008-06-20 01:14        622080        ----a-w-        c:\windows\system32\icardagt.exe
2011-11-23 20:17 . 2008-06-20 01:14        781344        ----a-w-        c:\windows\system32\PresentationNative_v0300.dll
2011-11-23 20:14 . 2008-07-27 18:03        158720        ----a-w-        c:\windows\system32\mscorier.dll
2011-11-23 20:13 . 2008-07-27 18:03        83968        ----a-w-        c:\windows\system32\mscories.dll
2011-11-23 19:13 . 2011-11-23 19:13        --------        d-----w-        c:\program files\Gravity
2011-11-23 19:01 . 2011-11-23 19:01        --------        d-----w-        C:\VritualRoot
2011-11-23 16:51 . 2011-12-01 15:00        --------        d-----w-        C:\574a2e6a41ff2f6b493a5270bd31b0e8
2011-11-23 16:16 . 2011-11-23 16:16        --------        d-----w-        c:\users\10tacle\dwhelper
2011-11-23 16:16 . 2008-04-30 05:36        454656        ----a-w-        c:\program files\Common Files\System\msadc\msadce.dll
2011-11-23 16:14 . 2010-02-12 10:48        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-11-23 16:12 . 2011-11-23 16:12        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 16:08 . 2010-02-20 23:39        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2011-11-23 16:08 . 2010-02-20 21:18        411136        ----a-w-        c:\windows\system32\drivers\http.sys
2011-11-23 16:08 . 2010-02-20 23:37        31232        ----a-w-        c:\windows\system32\httpapi.dll
2011-11-22 19:36 . 2009-08-10 13:05        351232        ----a-w-        c:\windows\system32\WSDApi.dll
2011-11-22 19:24 . 2010-06-02 03:55        74072        ----a-w-        c:\windows\system32\XAPOFX1_5.dll
2011-11-22 19:24 . 2010-06-02 03:55        527192        ----a-w-        c:\windows\system32\XAudio2_7.dll
2011-11-22 19:24 . 2010-06-02 03:55        239960        ----a-w-        c:\windows\system32\xactengine3_7.dll
2011-11-22 19:24 . 2010-05-26 10:41        2106216        ----a-w-        c:\windows\system32\D3DCompiler_43.dll
2011-11-22 19:24 . 2010-05-26 10:41        470880        ----a-w-        c:\windows\system32\d3dx10_43.dll
2011-11-22 19:24 . 2010-05-26 10:41        248672        ----a-w-        c:\windows\system32\d3dx11_43.dll
2011-11-22 19:24 . 2010-05-26 10:41        1868128        ----a-w-        c:\windows\system32\d3dcsx_43.dll
2011-11-22 19:24 . 2010-05-26 10:41        1998168        ----a-w-        c:\windows\system32\D3DX9_43.dll
2011-11-22 19:24 . 2010-02-04 09:01        74072        ----a-w-        c:\windows\system32\XAPOFX1_4.dll
2011-11-22 19:24 . 2010-02-04 09:01        528216        ----a-w-        c:\windows\system32\XAudio2_6.dll
2011-11-22 19:24 . 2010-02-04 09:01        238936        ----a-w-        c:\windows\system32\xactengine3_6.dll
2011-11-22 19:22 . 2011-11-22 19:22        --------        d-----w-        c:\users\10tacle\AppData\Local\Microsoft Help
2011-11-22 19:22 . 2011-11-22 19:21        111960        ----a-w-        c:\windows\dxsdkuninst.exe
2011-11-22 19:22 . 2011-11-22 19:24        --------        d-----w-        c:\program files\Microsoft DirectX SDK (June 2010)
2011-11-22 19:02 . 2011-11-23 15:51        --------        d-----w-        c:\programdata\Comodo
2011-11-22 19:02 . 2011-11-22 19:02        348160        ----a-w-        c:\windows\system32\msvcr71.dll
2011-11-22 19:02 . 2011-11-22 19:02        1700352        ----a-w-        c:\windows\system32\gdiplus.dll
2011-11-22 19:02 . 2011-11-22 19:02        1060864        ----a-w-        c:\windows\system32\mfc71.dll
2011-11-22 19:01 . 2010-06-11 15:30        1257472        ----a-w-        c:\windows\system32\msxml3.dll
2011-11-22 19:01 . 2011-11-22 19:02        --------        d-----w-        c:\programdata\Comodo Downloader
2011-11-22 19:01 . 2008-08-12 03:39        443392        ----a-w-        c:\windows\system32\win32spl.dll
2011-11-22 19:01 . 2008-08-02 03:26        36864        ----a-w-        c:\windows\system32\cdd.dll
2011-11-22 19:01 . 2008-08-02 01:01        625152        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-11-22 19:01 . 2008-06-26 03:29        565248        ----a-w-        c:\windows\system32\emdmgmt.dll
2011-11-22 19:01 . 2008-06-26 03:29        45056        ----a-w-        c:\windows\system32\dataclen.dll
2011-11-22 19:01 . 2010-10-28 12:56        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-22 18:59 . 2011-02-16 13:24        292864        ----a-w-        c:\windows\system32\atmfd.dll
2011-11-22 18:58 . 2011-02-22 12:51        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-11-22 18:57 . 2009-06-10 12:12        160256        ----a-w-        c:\windows\system32\wkssvc.dll
2011-11-22 18:56 . 2009-03-03 04:40        499200        ----a-w-        c:\windows\system32\wbem\WmiPrvSD.dll
2011-11-22 18:55 . 2011-11-22 18:55        --------        d-----w-        c:\users\10tacle\AppData\Roaming\Hansenet
2011-11-22 18:55 . 2011-11-22 18:55        --------        d-----w-        c:\program files\Alice Software
2011-11-22 18:35 . 2005-05-05 20:39        42982        ----a-w-        c:\windows\system32\pddsladp.dll
2011-11-22 18:35 . 2005-05-05 20:38        15187        ----a-w-        c:\windows\system32\drivers\pddslhnd.sys
2011-11-22 18:35 . 2005-05-05 20:35        15571        ----a-w-        c:\windows\system32\drivers\pddsladp.sys
2011-11-22 18:26 . 2010-08-31 15:40        531968        ----a-w-        c:\windows\system32\comctl32.dll
2011-11-22 18:26 . 2009-04-02 12:37        604672        ----a-w-        c:\windows\system32\WMSPDMOD.DLL
2011-11-22 18:26 . 2009-12-28 12:32        22528        ----a-w-        c:\windows\system32\msyuv.dll
2011-11-22 18:26 . 2009-12-28 12:32        31744        ----a-w-        c:\windows\system32\msvidc32.dll
2011-11-22 18:26 . 2009-12-28 12:32        13312        ----a-w-        c:\windows\system32\msrle32.dll
2011-11-22 18:26 . 2009-12-28 12:35        11776        ----a-w-        c:\windows\system32\tsbyuv.dll
2011-11-22 18:26 . 2009-12-28 12:31        50176        ----a-w-        c:\windows\system32\iyuv_32.dll
2011-11-22 18:26 . 2009-12-28 12:28        91136        ----a-w-        c:\windows\system32\avifil32.dll
2011-11-22 18:25 . 2009-12-28 12:32        123904        ----a-w-        c:\windows\system32\msvfw32.dll
2011-11-22 18:25 . 2009-12-28 12:31        82944        ----a-w-        c:\windows\system32\mciavi32.dll
2011-11-22 18:25 . 2009-12-28 12:28        65024        ----a-w-        c:\windows\system32\avicap32.dll
2011-11-22 18:25 . 2011-04-29 14:54        276992        ----a-w-        c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        122512        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 442640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"VirtualCloneDrive"="c:\program files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk.disabled [2008-9-12 807]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CisPostUninstall"="c:\users\10tacle\AppData\Local\Temp\cis6344.exe" --PostUninstall
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 ADDMEM;ADDMEM;c:\users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 BAIIQIX;BAIIQIX;c:\users\10tacle\AppData\Local\Temp\BAIIQIX.exe [x]
R3 DDFPVSEE;DDFPVSEE;c:\users\10tacle\AppData\Local\Temp\DDFPVSEE.exe [x]
R3 ENAXITTPPCKHEU;ENAXITTPPCKHEU;c:\users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe [x]
R3 esihdrv;esihdrv;c:\users\10tacle\AppData\Local\Temp\esihdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2A99.tmp [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
R3 WABGQEVHZOI;WABGQEVHZOI;c:\users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-12 13312]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\dcsws2.dll
TCP: Interfaces\{ABC22F5F-4276-4E60-BA6B-CDAE35F04433}: NameServer = 62.109.123.6 213.191.92.87
FF - ProfilePath - c:\users\10tacle\AppData\Roaming\Mozilla\Firefox\Profiles\4hv8ckb0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-17 21:41
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A99.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\dcsws2.dll
.
Zeit der Fertigstellung: 2011-12-17  21:43:04
ComboFix-quarantined-files.txt  2011-12-17 20:43
ComboFix2.txt  2011-12-17 08:38
.
Vor Suchlauf: 14 Verzeichnis(se), 80.378.114.048 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 80.354.942.976 Bytes frei
.
- - End Of File - - C2F444EEDCF56935BED399F5728B8CBE

--- --- ---

cosinus 18.12.2011 13:14

Is it only the display that isn't working, or can you no longer get a network/Internet connection with this computer either?

DocHolliday 18.12.2011 13:38

Only the display doesn't work!
Strangely enough, the Internet works fine!

Regards
DH

cosinus 18.12.2011 14:04

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without instructions

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


DocHolliday 21.12.2011 23:43

Evening!

Here is the OSAM log.
GMER crashed! (blue screen, with an error message about aujasnkj.sys)
The rest will follow tomorrow! :sleepy:

Regards
DH

Code:

OSAM Logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:51:35 on 21.12.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"esihdrv" (esihdrv) - ? - C:\Users\10tacle\AppData\Local\Temp\esihdrv.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Vimicro Camera Service VMC302" (VMC302) - ? - C:\Windows\System32\Drivers\VMC302.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe  (File not found)
"DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe  (File not found)
"ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe  (File not found)
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe  (File not found)
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [RAW]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [UDP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
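The ComboFix service list and the OSAM [Drivers] and [Services] sections above both contain entries whose image path sits in a user's Temp directory, is a .tmp file, or no longer exists ("[x]" in ComboFix, "(File not found)" in OSAM). As an added example, not part of the thread and not code from ComboFix, OSAM or the Trojaner-Board helpers, here is a small Python triage script that parses both line formats and flags such entries for manual review; the sample lines are copied from the logs above, and the function and class names (`parse_combofix_service`, `parse_osam_entry`, `triage`, `Entry`, `Finding`) are this example's own. A flag is a prompt to trace the entry back to a known origin, not a verdict: the ComboFix output itself identifies catchme as GMER's scanner component, and leftover drivers from rootkit scanners look exactly like this.

```python
"""Triage of autostart/driver entries from ComboFix and OSAM logs.

Added example for the thread above; not code from ComboFix, OSAM or the
Trojaner-Board helpers. All names here are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the ComboFix service section and the OSAM
# [Drivers] section posted above (a constructed subset, not the full logs).
COMBOFIX_SERVICES = r"""
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 136176]
R3 BAIIQIX;BAIIQIX;c:\users\10tacle\AppData\Local\Temp\BAIIQIX.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2A99.tmp [x]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
"""

OSAM_DRIVERS = r"""
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"""

# ComboFix: "<state> <name>;<display name>;<image path> [<date size> | x]"
# where "[x]" means ComboFix could not find the image file on disk.
COMBOFIX_RE = re.compile(r"^([RS][0-4])\s+([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

# OSAM: '"<display>" (<name>) - "<publisher>"|? - <path>  (<note>)'
OSAM_RE = re.compile(
    r'^"(?P<display>[^"]*)"\s+\((?P<name>[^)]*)\)\s+-\s+'
    r'(?P<publisher>"[^"]*"|\?)\s+-\s+(?P<path>.*?)'
    r'(?:\s+\((?P<note>[^)]*)\))?\s*$'
)

TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    source: str                      # "ComboFix" or "OSAM"
    name: str                        # service/driver key name
    path: str                        # image path ("" if none recorded)
    missing: bool                    # the tool reported the image as not found
    publisher: Optional[str] = None  # OSAM only; "?" means none available


@dataclass
class Finding:
    source: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_combofix_service(line: str) -> Optional[Entry]:
    m = COMBOFIX_RE.match(line.strip())
    if not m:
        return None
    _state, name, _display, path, marker = m.groups()
    return Entry("ComboFix", name, path.strip(), missing=(marker == "x"))


def parse_osam_entry(line: str) -> Optional[Entry]:
    m = OSAM_RE.match(line.strip())
    if not m:
        return None
    note = m.group("note") or ""
    return Entry("OSAM", m.group("name"), m.group("path").strip(),
                 missing=note.startswith("File not found"),
                 publisher=m.group("publisher").strip('"'))


def reasons_for(entry: Entry) -> List[str]:
    """Heuristics that mark an entry for manual review; none of them is a verdict."""
    reasons: List[str] = []
    if not entry.path:
        reasons.append("no image path recorded")
    else:
        if TEMP_DIR_RE.search(entry.path):
            reasons.append("image lives in a Temp directory")
        if entry.path.lower().endswith(".tmp"):
            reasons.append("image is a .tmp file")
    if entry.missing:
        reasons.append("image file not found")
    if entry.publisher == "?":
        reasons.append("no publisher / version information")
    return reasons


def triage(combofix_text: str, osam_text: str) -> List[Finding]:
    entries = [e for e in map(parse_combofix_service, combofix_text.splitlines()) if e]
    entries += [e for e in map(parse_osam_entry, osam_text.splitlines()) if e]
    findings = []
    for e in entries:
        reasons = reasons_for(e)
        if reasons:
            findings.append(Finding(e.source, e.name, e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(COMBOFIX_SERVICES, OSAM_DRIVERS):
        print(f"[{f.source}] {f.name}: {f.path or '<no path>'} -> {'; '.join(f.reasons)}")
```

On the sample above the script flags BAIIQIX, MEMSWEEP2 and rkhdrv40 from the ComboFix list and catchme, MEMSWEEP2 and rkhdrv40 from the OSAM list, while gupdate, aswMonFlt, aswSP and PDNMp50 pass. The point of a tool like this is to narrow a long autostart log to the handful of entries a helper has to account for by hand, typically by matching them against the scanners the user has already run.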


DocHolliday 10.01.2012 21:42

Happy New Year!!!!!!!!!!! :applaus:
I'm back from holiday and would like to continue with the Trojan hunt! :pfeiff: (unfortunately it couldn't go any faster!)

Here, as requested, the logs from GMER and OSAM:

OSAM found an entry "catchme.sys" under drivers!
Could that be something? (I googled it but found rather contradictory statements about it)

Code:

OSAM Logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:10:59 on 10.01.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"esihdrv" (esihdrv) - ? - C:\Users\10tacle\AppData\Local\Temp\esihdrv.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Vimicro Camera Service VMC302" (VMC302) - ? - C:\Windows\System32\Drivers\VMC302.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe  (File not found)
"DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe  (File not found)
"ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe  (File not found)
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe  (File not found)
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [RAW]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [UDP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru



Regards

DH

DocHolliday 10.01.2012 21:48

... and here comes the gmer log:
(I have added it as an attachment, since it is too long for code tags (max 1000 characters))

DocHolliday 10.01.2012 22:11

... and here the aswmbr log:
Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-10 21:48:13
-----------------------------
21:48:13.719    OS Version: Windows 6.0.6001 Service Pack 1
21:48:13.719    Number of processors: 2 586 0x1706
21:48:13.720    ComputerName: LAPPI-10TACLE  UserName: 10tacle
21:48:35.849    Initialize success
21:48:36.447    AVAST engine defs: 11121000
21:48:50.642    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:48:50.644    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:48:50.660    Disk 0 MBR read successfully
21:48:50.661    Disk 0 MBR scan
21:48:50.663    Disk 0 unknown MBR code
21:48:50.674    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
21:48:50.712    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      147501 MB offset 20973568
21:48:50.728    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      147503 MB offset 323055617
21:48:50.732    Disk 0 scanning sectors +625141761
21:48:50.814    Disk 0 scanning C:\Windows\system32\drivers
21:49:00.751    Service scanning
21:49:02.469    Modules scanning
21:49:07.447    Disk 0 trace - called modules:
21:49:07.468    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:49:07.471    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ad5458]
21:49:07.474    3 CLASSPNP.SYS[8a59e745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8502c028]
21:49:07.940    AVAST engine scan C:\Windows
21:49:10.944    AVAST engine scan C:\Windows\system32
21:50:06.162    AVAST engine scan C:\Windows\system32\drivers
21:50:11.716    AVAST engine scan C:\Users\10tacle
22:02:27.798    AVAST engine scan C:\ProgramData
22:02:47.010    Scan finished successfully
22:07:42.744    Disk 0 MBR has been saved successfully to "D:\MBR.dat"
22:07:42.760    The log file has been saved successfully to "D:\aswMBRny.txt"


cosinus 10.01.2012 22:24

Quote:

"esihdrv" (esihdrv) - ? - C:\Users\10tacle\AppData\Local\Temp\esihdrv.sys (File not found)
"BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe (File not found)
"DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe (File not found)
"ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe (File not found)
"OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe (File not found)
Please disable and delete these with OSAM. Restart Windows and make a new OSAM log.

DocHolliday 15.01.2012 18:00

Evening!
Sorry for my late reply, I was totally stressed out! :crazy:
So here is the OSAM log:
Oh, and I think defogger doesn't work for me: I can open ISO files perfectly normally!!!??? :wtf:
Code:

OSAM Logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:52:02 on 15.01.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Vimicro Camera Service VMC302" (VMC302) - ? - C:\Windows\System32\Drivers\VMC302.sys  (File not found)
(Disabled) "esihdrv" (esihdrv) - ? - C:\Users\10tacle\AppData\Local\Temp\esihdrv.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe  (File not found)
(Disabled) "BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe  (File not found)
(Disabled) "DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe  (File not found)
(Disabled) "ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe  (File not found)
(Disabled) "OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [RAW]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [UDP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Regards
DH

cosinus 15.01.2012 18:46

Quote:

"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe (File not found)
(Disabled) "BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe (File not found)
(Disabled) "DDFPVSEE" (DDFPVSEE) - ? - C:\Users\10tacle\AppData\Local\Temp\DDFPVSEE.exe (File not found)
(Disabled) "ENAXITTPPCKHEU" (ENAXITTPPCKHEU) - ? - C:\Users\10tacle\AppData\Local\Temp\ENAXITTPPCKHEU.exe (File not found)
(Disabled) "OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe (File not found)
Please disable and delete the top one (WABGQEVHZOI) as well.
The others were only disabled, please DELETE all of them as well!
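
The entries the helper singles out in the two posts above share one pattern in the OSAM [Services]/[Drivers] lines: no vendor ("?"), a binary registered from the user's AppData\Local\Temp, and "(File not found)", often with a random-looking all-uppercase service name. The following is an added example, not code from the thread or from the OSAM authors: a small Python triage script that parses OSAM-style service/driver lines and scores them on exactly those indicators, so the same pattern can be spotted in a log of several hundred lines without reading every one. The line format is assumed from the log as posted; the sample lines are copied from the thread's own OSAM log, and the indicator names and threshold are this example's choice.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OSAM [Services]/[Drivers] line, as seen in the log posted above:
#   [(Disabled) ]"Display Name" (ServiceName) - "Vendor"|? - C:\path\file  [(status)]
# The status text, when present, follows the path in parentheses.
LINE_RE = re.compile(
    r'^(?P<disabled>\(Disabled\)\s+)?'
    r'"(?P<display>[^"]*)"\s+\((?P<name>[^)]*)\)\s+-\s+'
    r'(?:"(?P<vendor>[^"]*)"|\?)\s+-\s+'
    r'(?P<path>.*?)'
    r'(?:\s+\((?P<status>[^)]*)\))?\s*$'
)

# Indicator patterns (this example's heuristics, not OSAM's own logic).
TEMP_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r'^[A-Z]{6,}$')


@dataclass
class OsamEntry:
    display: str
    name: str
    vendor: Optional[str]   # None when OSAM printed "?"
    path: str
    status: Optional[str]   # e.g. "File not found", or None
    disabled: bool


def parse_line(line: str) -> Optional[OsamEntry]:
    """Parse one service/driver line; returns None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OsamEntry(
        display=m.group("display"),
        name=m.group("name"),
        vendor=m.group("vendor"),
        path=m.group("path").strip(),
        status=m.group("status"),
        disabled=bool(m.group("disabled")),
    )


def reasons(e: OsamEntry) -> List[str]:
    """Return the list of indicators an entry trips; more indicators, more suspicious."""
    r = []
    if e.vendor is None:
        r.append("no vendor information")
    if TEMP_RE.search(e.path):
        r.append("binary registered from a user Temp directory")
    if e.status and "not found" in e.status.lower():
        r.append("registered binary no longer exists")
    if e.name == e.display and RANDOM_NAME_RE.match(e.name):
        r.append("random-looking all-uppercase service name")
    return r


def triage(lines, threshold: int = 3) -> List[Tuple[OsamEntry, List[str]]]:
    """Parse OSAM-style lines and keep entries with at least `threshold` indicators."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        r = reasons(e)
        if len(r) >= threshold:
            hits.append((e, r))
    return hits


# Constructed sample: lines copied from the OSAM log posted in this thread,
# mixing the entries the helper flagged with ordinary ones.
SAMPLE_LOG = r'''
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"BAIIQIX" (BAIIQIX) - ? - C:\Users\10tacle\AppData\Local\Temp\BAIIQIX.exe  (File not found)
(Disabled) "OTLJITJ" (OTLJITJ) - ? - C:\Users\10tacle\AppData\Local\Temp\OTLJITJ.exe  (File not found)
"WABGQEVHZOI" (WABGQEVHZOI) - ? - C:\Users\10tacle\AppData\Local\Temp\WABGQEVHZOI.exe  (File not found)
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
'''.strip().splitlines()


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        state = "disabled" if entry.disabled else "active"
        print(f"{entry.name} ({state}): {entry.path}")
        for w in why:
            print(f"    - {w}")
```

The score is a triage aid, not a verdict: with the threshold of three indicators, the random-named Temp services score four, but the catchme driver entry scores three as well although the helper in this thread did not ask for it to be removed, and the Samsung entry with no vendor scores only one. A reviewer still decides; the script only puts the entries worth a look at the top.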

DocHolliday 15.01.2012 20:52

here it is:
Code:

OSAM Logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:46:51 on 15.01.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"catchme" (catchme) - ? - C:\Users\10tacle\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\DD25.tmp  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"Rootkit Unhooker Driver" (rkhdrv40) - ? - C:\Windows\system32\drivers\rkhdrv40.sys
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieDrv.sys
"Vimicro Camera Service VMC302" (VMC302) - ? - C:\Windows\System32\Drivers\VMC302.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\10tacle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Utilities\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Program Files\Sandboxie\SbieSvc.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica I+D" - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [RAW]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"DiamondCS TCP/IP Layer [UDP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Regards
DH:kaffee:
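As an added example for reading an OSAM-style autostart log like the one above (this is not code from the thread, from OSAM, or from any of the tools mentioned; the line format is inferred from the log and the sample block is constructed, including the fictitious "Updater" entry), here is a small parser that turns the `-----( key )-----` sections and `"name" - "publisher" - path  (note)` lines into records and flags the entries a helper would want to look at first: targets that no longer exist, targets with no publisher information, binaries that run from a user profile directory, and Winsock LSP entries.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Section header, e.g.  -----( HKLM\Software\...\Run )-----
SECTION_RE = re.compile(r'^-----\( (.+) \)-----$')
# Entry line:  <name> - <"publisher" or ?> - <path and arguments>[  (note)]
ENTRY_RE = re.compile(r'^(?P<name>.+?) - (?P<publisher>"[^"]*"|\?) - (?P<path>.*)$')
# Trailing annotation such as  (File not found), separated by two spaces
NOTE_RE = re.compile(r'\s{2}\((.*)\)$')


@dataclass
class Entry:
    section: str            # registry key / folder the entry was read from
    name: str               # value name as printed, quotes kept
    publisher: Optional[str]  # None when the tool printed "?"
    path: str               # target path plus arguments
    note: Optional[str]     # e.g. "File not found"


def parse_osam(text: str) -> List[Entry]:
    """Parse OSAM-style log text into Entry records (assumed format)."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        # Skip blank lines, [Category] headers and anything before a section
        if not line or line.startswith('[') or section is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        publisher = m.group('publisher')
        publisher = None if publisher == '?' else publisher.strip('"')
        path, note = m.group('path'), None
        nm = NOTE_RE.search(path)
        if nm:
            note = nm.group(1)
            path = path[:nm.start()].rstrip()
        entries.append(Entry(section, m.group('name'), publisher, path, note))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for entries worth a closer look. Flags are
    review hints, not verdicts: legitimate software trips them too."""
    findings = []
    for e in entries:
        reasons = []
        if e.note and 'File not found' in e.note:
            reasons.append('target file missing (orphaned or already removed)')
        if e.publisher is None and e.path:
            reasons.append('no publisher/version info in target')
        if '\\AppData\\' in e.path or '\\Temp\\' in e.path:
            reasons.append('runs from a user-writable profile directory')
        if 'Catalog_Entries' in e.section:
            reasons.append('Winsock LSP: loaded into every process using sockets')
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample in the format of the log above; "Updater" is fictitious.
SAMPLE = r"""[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Program Files\Sandboxie\SbieCtrl.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Updater" - ? - "C:\Users\example\AppData\Roaming\updsvc.exe" /silent

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"DiamondCS TCP/IP Layer [TCP]" - "Diamond Computer Systems Pty. Ltd." - C:\Windows\system32\dcsws2.dll
"""

if __name__ == '__main__':
    for name, reasons in triage(parse_osam(SAMPLE)):
        print(name)
        for r in reasons:
            print('   -', r)
```

Feed it the text of a real log (for example via `parse_osam(open('osam.log').read())`) and the flagged names give a short list to verify by hand: check the file on disk, its signature and where it came from, before deciding anything is malicious.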

cosinus 16.01.2012 13:27

That's good so far.

We should fix the MBR; just in case, back up ALL important data, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also don't do the fix if you have full encryption of the Windows partition or the whole hard disk, e.g. with TrueCrypt or another encryption program.


After backing up your data, start aswMBR again and click the FIXMBR button.
Then restart Windows and make a new log with aswMBR and, if possible, with GMER as well.

DocHolliday 19.01.2012 07:40

Morning!

Can that wreck the recovery partition of my laptop????:balla:



Regards
DH

cosinus 19.01.2012 10:51

Yes. That's why you're making a backup. And you always need to have a set of recovery media on hand.

DocHolliday 20.01.2012 17:28

Thanks for the reply!
No, unfortunately I don't have a Vista DVD. My laptop only has the
recovery partition.
(but I will get hold of one)
The data backup will take another 1-2 days

I have 2 more questions:
-Are there other ways to fix the MBR?
Recovery console/fixmbr with that emergency Vista DVD from drwindows.de ????
Above all, it would be annoying if the recovery partition no longer
worked :heulen:

-Why fix the MBR at all? aswmbr didn't color anything red! :killpc:

Regards
DH

cosinus 20.01.2012 22:45

Quote:

No, unfortunately I don't have a Vista DVD. My laptop only has the
recovery partition.
Does the manual really say NOTHING about burning yourself a set of recovery media!
A recovery partition alone is insufficient if, for example, you ever have to set up the entire hard disk from scratch or have installed a new hard disk

Quote:

21:48:50.663 Disk 0 unknown MBR code
Unknown MBR. That's why I want to see it fixed

DocHolliday 30.01.2012 11:53

Sorry for the late reply!:stirn:

It'll be a few more days before I can get hold of a Vista DVD.
(I don't have a manual for the laptop, since I bought the machine used on ebay)


Would fixing the MBR be the last step, or is there more to come????:wtf:

Regards
DH

cosinus 30.01.2012 12:05

A few control scans will follow after that...



Copyright ©2000-2025, Trojaner-Board

