Trojaner-Board - Windows System aus Sicherheitsgründen blockiert...

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows System aus Sicherheitsgründen blockiert... (https://www.trojaner-board.de/107872-windows-system-sicherheitsgruenden-blockiert.html)

Windows System aus Sicherheitsgründen blockiert...

Hallo Leute, habe ebenfalls das Problem mit diesem Virus, wodurch mir die Meldung angezeigt wird, dass das Windows System aus Sicherheitsgründen blockiert wurde und ich einen Geldbetrag zahlen soll...
Habe mich hier ein bisschen erkundigt und malwarebytes heruntergeladen. Danach habe ich einen Vollscan durchgeführt und die entdeckten Viren entfernen lassen. Hier das logfile danach:

Code:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.09.08
 

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 8.0.7601.17514

tim :: TIM-PC [Administrator]
 

10.01.2012 00:39:57

mbam-log-2012-01-10 (00-39-57).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 301930

Laufzeit: 34 Minute(n), 1 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{D6C860ED-A7BC-11DE-8A4B-806E6F6E6963} (Trojan.Ransom) -> Daten: C:\Users\tim\AppData\Roaming\Microsoft\loadhst.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\tim\AppData\Roaming\Microsoft\loadhst.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Ich werde gleich noch einen ESET scan posten... danke schonmal im Voraus für die Hilfe, LG!

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Hi, hat dann doch etwas länger gedauert...
Also, habe bisher noch nie mit Malwarebytes gescannt, wurde frisch heruntergeladen, das da oben ist auch die einzige Logdatei. Hier nun noch der ESET-Scan, Laptop funktioniert übrigens wieder im "normalen Modus"...

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e29a9df85f738442ae913e66394c55a7

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-10 01:38:02

# local_time=2012-01-10 02:38:02 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775165 100 94 55674 62733532 84112 0

# compatibility_mode=5121 16776573 100 96 56584194 78559059 0 0

# compatibility_mode=5893 16776574 66 85 4497383 77827902 0 0

# compatibility_mode=8192 67108863 100 0 44861 44861 0 0

# scanned=127666

# found=0

# cleaned=0

# scan_time=5971

Wie geht's weiter? ;-) danke!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier das Ergebnis

Code:

OTL logfile created on: 1/10/2012 4:47:56 PM - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\tim\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2.97 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 61.38% Memory free

5.93 Gb Paging File | 4.74 Gb Available in Paging File | 80.03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.49 Gb Total Space | 96.33 Gb Free Space | 68.08% Space Free | Partition Type: NTFS

Drive D: | 141.50 Gb Total Space | 131.61 Gb Free Space | 93.01% Space Free | Partition Type: NTFS

 

Computer Name: TIM-PC | User Name: tim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/10 00:06:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe

PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2011/06/29 09:31:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/06/18 18:57:54 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe

PRC - [2011/04/28 01:50:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/04/07 21:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2011/01/10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/04/16 13:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

PRC - [2010/02/01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010/02/01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe

PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe

PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe

PRC - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

PRC - [2009/09/08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2009/09/07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2009/08/23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2009/08/06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2009/07/27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

PRC - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/01/26 00:42:08 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll

MOD - [2010/04/16 13:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll

MOD - [2010/03/14 23:51:49 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2010/01/03 22:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2011/06/29 09:31:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/28 16:25:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/04/28 01:50:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/08/01 08:26:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -- (McODS)

SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)

SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)

SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)

SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)

SRV - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/06/29 09:31:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/06/29 09:31:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/06/17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/09/21 16:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial)

DRV - [2009/04/09 06:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/20 10:12:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 16:53:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/19 12:10:31 | 000,000,000 | ---D | M]

 

[2009/11/29 18:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Extensions

[2011/09/17 16:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions

[2010/12/29 00:21:35 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2010/10/11 14:28:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012/01/08 18:30:14 | 000,000,961 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin-1.xml

[2010/10/11 14:28:55 | 000,000,168 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.gif

[2010/10/11 14:28:55 | 000,000,618 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.src

[2010/12/24 12:02:49 | 000,001,069 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.xml

[2011/03/02 14:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/03/02 14:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/03/02 14:01:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/12/26 16:53:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/12/26 16:53:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/12/26 16:53:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/08/16 12:29:44 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2010/12/26 16:53:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/12/26 16:53:01 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: SiteAdvisor = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

 

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll ()

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)

O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\tim\AppData\Roaming\Mozilla\Firefox\firefox.exe File not found

O4 - Startup: C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4721886E-7EB6-486F-8E74-2C23884CAC7B}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootMin: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SafeBootNet: MCODS - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/10 01:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/01/10 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Malwarebytes

[2012/01/10 00:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/10 00:28:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012/01/10 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/10 00:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/10 00:27:51 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\tim\Desktop\mbam-setup-1.60.0.1800.exe

[2012/01/10 00:05:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe

[2011/12/17 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\tim\Desktop\ebayshop

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/10 16:12:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/10 12:44:45 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012/01/10 12:44:45 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/01/10 12:44:45 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012/01/10 12:44:45 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/01/10 12:44:00 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/10 12:44:00 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/10 12:42:02 | 000,030,639 | ---- | M] () -- C:\windows\System32\Config.MPF

[2012/01/10 12:41:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/01/10 03:09:41 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/10 03:08:54 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/10 00:28:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/10 00:28:36 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\tim\Desktop\mbam-setup-1.60.0.1800.exe

[2012/01/10 00:06:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe

[2012/01/09 22:06:33 | 000,018,484 | ---- | M] () -- C:\Users\tim\Desktop\Homepage.odt

[2012/01/08 19:12:15 | 000,000,432 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for tim.job

[2012/01/07 04:15:17 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/01/01 15:25:14 | 000,000,348 | ---- | M] () -- C:\windows\tasks\McQcTask.job

[2011/12/24 12:20:14 | 000,432,424 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2011/12/15 01:00:00 | 000,000,368 | ---- | M] () -- C:\windows\tasks\McDefragTask.job

 
 ========== Files Created - No Company Name ==========

 

[2012/01/10 00:28:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/09 22:06:31 | 000,018,484 | ---- | C] () -- C:\Users\tim\Desktop\Homepage.odt

[2011/04/18 13:38:48 | 000,151,080 | -H-- | C] () -- C:\windows\System32\mlfcache.dat

[2010/12/03 17:53:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll

[2010/02/27 20:40:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/02/20 12:53:23 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll

[2009/12/21 22:57:54 | 000,000,116 | ---- | C] () -- C:\windows\System32\applet.ini

[2009/10/24 13:51:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini

[2009/10/24 13:35:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009/09/22 23:05:23 | 000,700,836 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2009/09/22 23:05:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2009/09/22 23:05:23 | 000,149,920 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2009/09/22 23:05:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2009/09/22 06:45:54 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2009/09/22 06:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 05:33:53 | 000,432,424 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 000,653,898 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,121,090 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.#

[2011/09/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\.minecraft

[2010/06/10 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Canon

[2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FileZilla

[2009/11/01 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FUJIFILM

[2010/01/27 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GameConsole

[2010/12/03 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GetRightToGo

[2010/01/24 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Go Go Gourmet

[2011/12/18 00:58:04 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\ICQ

[2010/05/13 07:10:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient

[2010/02/27 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1

[2010/03/14 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org

[2010/07/16 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Opera

[2010/02/16 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\PlayFirst

[2009/12/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\QIP

[2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\TS3Client

[2010/04/24 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Windows Live Writer

[2011/12/15 01:00:00 | 000,000,368 | ---- | M] () -- C:\windows\Tasks\McDefragTask.job

[2012/01/01 15:25:14 | 000,000,348 | ---- | M] () -- C:\windows\Tasks\McQcTask.job

[2010/12/16 15:51:15 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.#

[2011/09/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\.minecraft

[2010/02/26 19:47:33 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Adobe

[2010/12/01 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Apple Computer

[2011/03/22 23:07:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Avira

[2010/06/10 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Canon

[2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FileZilla

[2009/11/01 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FUJIFILM

[2010/01/27 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GameConsole

[2010/12/03 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GetRightToGo

[2010/01/24 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Go Go Gourmet

[2009/10/24 13:53:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Google

[2011/12/18 00:58:04 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\ICQ

[2009/10/24 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Identities

[2010/05/13 07:10:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient

[2010/02/27 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1

[2009/10/24 14:12:23 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Macromedia

[2012/01/10 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Malwarebytes

[2009/09/22 22:54:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Media Center Programs

[2012/01/10 01:44:05 | 000,000,000 | --SD | M] -- C:\Users\tim\AppData\Roaming\Microsoft

[2009/11/29 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Mozilla

[2010/03/14 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org

[2010/07/16 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Opera

[2010/02/16 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\PlayFirst

[2009/12/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\QIP

[2011/07/02 06:19:25 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Skype

[2011/07/02 05:53:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\skypePM

[2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\TS3Client

[2011/09/24 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\vlc

[2010/04/24 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Windows Live Writer

[2010/02/14 15:14:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011/02/23 02:02:37 | 000,187,227 | ---- | M] () -- C:\Users\tim\AppData\Roaming\.minecraft\bin\mcpatcher-1.1.12_02.exe

[2011/06/18 18:57:46 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\tim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EA701346

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
 

< End of report >

Zitat:

(McAfee, Inc.) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
(Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

Was soll denn das? Sry aber das geht nicht. Entweder nur sowas wie McAfee oder nur sowas wie AntiVir. Aber NICHT beides zusammen/parallel.
Umgehend einen der beiden Scanner deinstallieren, Windows neu starten und ein neues OTL-CustomLog erstellen.

Falls McAfee oder AntiVir was mal gefunden haben, davon die Logs vorher posten!

McAfee war aufm Laptop drauf, ist aber seit geraumer Zeit abgelaufen und quasi nicht mehr als Virenschutz aktiv dachte ich... deswegen hab ich nachträglich Avira installiert... dabei McAfee jedoch nicht deinstalliert. Hier nochmal das OTL-Log

Code:

OTL logfile created on: 1/10/2012 10:55:43 PM - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\tim\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2.97 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 68.01% Memory free

5.93 Gb Paging File | 4.91 Gb Available in Paging File | 82.85% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 141.49 Gb Total Space | 97.79 Gb Free Space | 69.11% Space Free | Partition Type: NTFS

Drive D: | 141.50 Gb Total Space | 131.61 Gb Free Space | 93.01% Space Free | Partition Type: NTFS

 

Computer Name: TIM-PC | User Name: tim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/10 00:06:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe

PRC - [2011/06/29 09:31:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/04/28 01:50:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/04/07 21:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2011/04/07 21:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2011/01/10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe

PRC - [2010/02/01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010/02/01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/09/08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2009/09/07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2009/08/23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

PRC - [2009/08/06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2009/07/27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

PRC - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/01/26 00:42:08 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll

MOD - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe

MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll

MOD - [2010/03/14 23:51:49 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2010/01/03 22:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011/06/29 09:31:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/28 16:25:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/04/28 01:50:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/08/01 08:26:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)

SRV - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/06/29 09:31:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/06/29 09:31:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/06/17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/09/21 16:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 16:53:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/19 12:10:31 | 000,000,000 | ---D | M]

 

[2009/11/29 18:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Extensions

[2011/09/17 16:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions

[2010/12/29 00:21:35 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2010/10/11 14:28:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012/01/08 18:30:14 | 000,000,961 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin-1.xml

[2010/10/11 14:28:55 | 000,000,168 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.gif

[2010/10/11 14:28:55 | 000,000,618 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.src

[2010/12/24 12:02:49 | 000,001,069 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.xml

[2012/01/10 18:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/03/02 14:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2012/01/10 18:54:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/12/26 16:53:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/12/26 16:53:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/12/26 16:53:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/08/16 12:29:44 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2010/12/26 16:53:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/12/26 16:53:01 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: SiteAdvisor = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

 

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)

O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\tim\AppData\Roaming\Mozilla\Firefox\firefox.exe File not found

O4 - Startup: C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4721886E-7EB6-486F-8E74-2C23884CAC7B}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - Service

SafeBootMin: MCODS - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - Service

SafeBootNet: MCODS - Service

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/10 20:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/01/10 20:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/01/10 20:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/01/10 18:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/01/10 01:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/01/10 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Malwarebytes

[2012/01/10 00:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/10 00:28:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012/01/10 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/10 00:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/10 00:05:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe

[2011/12/17 14:41:33 | 000,000,000 | ---D | C] -- C:\Users\tim\Desktop\ebayshop

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/10 22:52:44 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/10 22:52:44 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/10 22:45:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/01/10 22:45:10 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/10 20:03:29 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/01/10 12:44:45 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012/01/10 12:44:45 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/01/10 12:44:45 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012/01/10 12:44:45 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/01/10 00:28:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/10 00:06:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe

[2012/01/09 22:06:33 | 000,018,484 | ---- | M] () -- C:\Users\tim\Desktop\Homepage.odt

[2011/12/24 12:20:14 | 000,432,424 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2012/01/10 20:03:29 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/01/10 00:28:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/09 22:06:31 | 000,018,484 | ---- | C] () -- C:\Users\tim\Desktop\Homepage.odt

[2011/04/18 13:38:48 | 000,151,080 | -H-- | C] () -- C:\windows\System32\mlfcache.dat

[2010/12/03 17:53:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll

[2010/02/27 20:40:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/02/20 12:53:23 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll

[2009/10/24 13:51:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini

[2009/10/24 13:35:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009/09/22 23:05:23 | 000,700,836 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2009/09/22 23:05:23 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2009/09/22 23:05:23 | 000,149,920 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2009/09/22 23:05:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2009/09/22 06:45:54 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2009/09/22 06:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 05:33:53 | 000,432,424 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 000,653,898 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,121,090 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.#

[2011/09/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\.minecraft

[2010/06/10 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Canon

[2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FileZilla

[2009/11/01 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FUJIFILM

[2010/01/27 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GameConsole

[2010/12/03 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GetRightToGo

[2010/01/24 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Go Go Gourmet

[2011/12/18 00:58:04 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\ICQ

[2010/05/13 07:10:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient

[2010/02/27 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1

[2010/03/14 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org

[2010/07/16 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Opera

[2010/02/16 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\PlayFirst

[2009/12/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\QIP

[2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\TS3Client

[2010/04/24 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Windows Live Writer

[2010/12/16 15:51:15 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.#

[2011/09/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\.minecraft

[2010/02/26 19:47:33 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Adobe

[2012/01/10 20:07:06 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Apple Computer

[2011/03/22 23:07:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Avira

[2010/06/10 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Canon

[2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FileZilla

[2009/11/01 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\FUJIFILM

[2010/01/27 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GameConsole

[2010/12/03 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\GetRightToGo

[2010/01/24 03:49:11 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Go Go Gourmet

[2009/10/24 13:53:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Google

[2011/12/18 00:58:04 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\ICQ

[2009/10/24 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Identities

[2010/05/13 07:10:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient

[2010/02/27 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1

[2009/10/24 14:12:23 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Macromedia

[2012/01/10 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Malwarebytes

[2009/09/22 22:54:35 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Media Center Programs

[2012/01/10 01:44:05 | 000,000,000 | --SD | M] -- C:\Users\tim\AppData\Roaming\Microsoft

[2009/11/29 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Mozilla

[2010/03/14 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org

[2010/07/16 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Opera

[2010/02/16 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\PlayFirst

[2009/12/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\QIP

[2011/07/02 06:19:25 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Skype

[2011/07/02 05:53:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\skypePM

[2011/10/17 19:42:26 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\TS3Client

[2011/09/24 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\vlc

[2010/04/24 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\Windows Live Writer

[2010/02/14 15:14:28 | 000,000,000 | ---D | M] -- C:\Users\tim\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011/02/23 02:02:37 | 000,187,227 | ---- | M] () -- C:\Users\tim\AppData\Roaming\.minecraft\bin\mcpatcher-1.1.12_02.exe

[2011/06/18 18:57:46 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\tim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EA701346

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
 

< End of report >

Hier noch der Avira-Scan nachdem der PC infiziert war:

Code:

 
 

Avira AntiVir Personal

Erstellungsdatum der Reportdatei: Montag, 9. Januar 2012  22:45
 

Es wird nach 3038734 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Abgesicherter Modus

Benutzername   : tim

Computername   : TIM-PC
 

Versionsinformationen:

BUILD.DAT      : 10.2.0.704     35934 Bytes  28.09.2011 13:14:00

AVSCAN.EXE     : 10.3.0.7      484008 Bytes  29.06.2011 08:31:01

AVSCAN.DLL     : 10.0.5.0       57192 Bytes  29.06.2011 08:31:00

LUKE.DLL       : 10.3.0.5       45416 Bytes  29.06.2011 08:31:01

LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 10:59:47

AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  29.06.2011 08:31:02

AVREG.DLL      : 10.3.0.9       88833 Bytes  13.07.2011 09:54:13

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 13:23:11

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:10:53

VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 20:10:53

VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 20:10:53

VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 20:10:53

VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 20:10:53

VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 20:10:53

VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 20:10:54

VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 20:10:54

VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 20:10:54

VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 20:10:54

VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 20:10:54

VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 00:59:35

VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 11:21:14

VBASE015.VDF   : 7.11.20.29    164352 Bytes  27.12.2011 12:00:11

VBASE016.VDF   : 7.11.20.70    180224 Bytes  29.12.2011 11:20:04

VBASE017.VDF   : 7.11.20.102   240640 Bytes  02.01.2012 12:07:11

VBASE018.VDF   : 7.11.20.139   164864 Bytes  04.01.2012 11:20:02

VBASE019.VDF   : 7.11.20.178   167424 Bytes  06.01.2012 11:19:59

VBASE020.VDF   : 7.11.20.179     2048 Bytes  06.01.2012 11:19:59

VBASE021.VDF   : 7.11.20.180     2048 Bytes  06.01.2012 11:19:59

VBASE022.VDF   : 7.11.20.181     2048 Bytes  06.01.2012 11:19:59

VBASE023.VDF   : 7.11.20.182     2048 Bytes  06.01.2012 11:20:00

VBASE024.VDF   : 7.11.20.183     2048 Bytes  06.01.2012 11:20:00

VBASE025.VDF   : 7.11.20.184     2048 Bytes  06.01.2012 11:20:00

VBASE026.VDF   : 7.11.20.185     2048 Bytes  06.01.2012 11:20:00

VBASE027.VDF   : 7.11.20.186     2048 Bytes  06.01.2012 11:20:00

VBASE028.VDF   : 7.11.20.187     2048 Bytes  06.01.2012 11:20:00

VBASE029.VDF   : 7.11.20.188     2048 Bytes  06.01.2012 11:20:00

VBASE030.VDF   : 7.11.20.189     2048 Bytes  06.01.2012 11:20:00

VBASE031.VDF   : 7.11.20.198   101376 Bytes  09.01.2012 11:36:19

Engineversion  : 8.2.8.18  

AEVDF.DLL      : 8.1.2.2       106868 Bytes  25.10.2011 20:18:11

AESCRIPT.DLL   : 8.1.3.95      479612 Bytes  29.12.2011 11:48:14

AESCN.DLL      : 8.1.7.2       127349 Bytes  10.01.2011 13:22:49

AESBX.DLL      : 8.2.4.5       434549 Bytes  02.12.2011 10:33:10

AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 05:34:09

AEPACK.DLL     : 8.2.15.1      770423 Bytes  13.12.2011 20:47:48

AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  30.12.2011 11:20:09

AEHEUR.DLL     : 8.1.3.14     4260216 Bytes  30.12.2011 11:20:09

AEHELP.DLL     : 8.1.18.0      254327 Bytes  25.10.2011 20:18:01

AEGEN.DLL      : 8.1.5.17      405877 Bytes  08.12.2011 20:07:46

AEEMU.DLL      : 8.1.3.0       393589 Bytes  10.01.2011 13:22:42

AECORE.DLL     : 8.1.24.3      201079 Bytes  29.12.2011 11:47:17

AEBB.DLL       : 8.1.1.0        53618 Bytes  10.01.2011 13:22:41

AVWINLL.DLL    : 10.0.0.0       19304 Bytes  10.01.2011 13:22:56

AVPREF.DLL     : 10.0.3.2       44904 Bytes  29.06.2011 08:31:00

AVREP.DLL      : 10.0.0.10     174120 Bytes  19.05.2011 10:23:18

AVARKT.DLL     : 10.0.26.1     255336 Bytes  29.06.2011 08:31:00

AVEVTLOG.DLL   : 10.0.0.9      203112 Bytes  29.06.2011 08:31:00

SQLITE3.DLL    : 3.6.19.0      355688 Bytes  17.06.2010 13:27:02

AVSMTP.DLL     : 10.0.0.17      63848 Bytes  10.01.2011 13:22:56

NETNT.DLL      : 10.0.0.0       11624 Bytes  17.06.2010 13:27:01

RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  29.06.2011 08:31:00

RCTEXT.DLL     : 10.0.64.0      98664 Bytes  29.06.2011 08:31:00
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Vollständige Systemprüfung

Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: ignorieren

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, D:, 

Durchsuche aktive Programme...........: ein

Laufende Programme erweitert..........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: ein

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: erweitert
 

Beginn des Suchlaufs: Montag, 9. Januar 2012  22:45
 

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Treiber konnte nicht initialisiert werden.
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'WMIADAP.EXE' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '74' Modul(e) wurden durchsucht

Durchsuche Prozess 'mcagent.exe' - '76' Modul(e) wurden durchsucht

Durchsuche Prozess 'mcmscsvc.exe' - '100' Modul(e) wurden durchsucht

Durchsuche Prozess 'helppane.exe' - '54' Modul(e) wurden durchsucht

Durchsuche Prozess 'ctfmon.exe' - '21' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '148' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '57' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '31' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '23' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '21' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
 

Der Suchlauf über die Masterbootsektoren wird begonnen:

Masterbootsektor HD0

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'C:\'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'D:\'

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '565' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\'

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\65e4bdce-192037d6

  [0] Archivtyp: ZIP

  --> mail/Cid.class

      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Exdoer.FJ

  --> mail/MailAgent.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN.2

  --> mail/VirtualTable.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO.1

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4fab3013-19212337

  [0] Archivtyp: ZIP

  --> json/Parser.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.EV

  --> json/XML.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\18d64ca3-49c649be

  [0] Archivtyp: ZIP

  --> report/Generator.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.U

  --> report/HDDDetect.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\2557d404-7d8d8ce1

  [0] Archivtyp: ZIP

  --> json/Option.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.L

  --> json/Parser.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Dldr.A

  --> json/SmartyPointer.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.F

  --> json/ThreadParser.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.E

  --> json/XML.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\57ba75e8-331d95cf

  [0] Archivtyp: ZIP

  --> mail/MailAgent.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AS

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\43025b2c-6a6a39dd

  [0] Archivtyp: ZIP

  --> mail/MailAgent.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AS

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2e63d536-3098f962

  [0] Archivtyp: ZIP

  --> json/Parser.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.EV

  --> json/XML.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\63b96ebd-4b52602e

  [0] Archivtyp: ZIP

  --> json/Parser.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.BH

  --> json/XML.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL

Beginne mit der Suche in 'D:\'
 

Beginne mit der Desinfektion:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\63b96ebd-4b52602e

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ae7c51f.qua' verschoben!

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2e63d536-3098f962

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '525cea6a.qua' verschoben!

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\43025b2c-6a6a39dd

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AS

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0079b050.qua' verschoben!

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\57ba75e8-331d95cf

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AS

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6618ff9e.qua' verschoben!

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\2557d404-7d8d8ce1

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '23b1d2ae.qua' verschoben!

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\18d64ca3-49c649be

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5c85e0c0.qua' verschoben!

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4fab3013-19212337

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.FL

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '103ecc54.qua' verschoben!

C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\65e4bdce-192037d6

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO.1

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6c3a8cd5.qua' verschoben!
 
 

Ende des Suchlaufs: Montag, 9. Januar 2012  23:33

Benötigte Zeit: 47:06 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  23837 Verzeichnisse wurden überprüft

 561747 Dateien wurden geprüft

     18 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      8 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

 561729 Dateien ohne Befall

   4564 Archive wurden durchsucht

      0 Warnungen

      8 Hinweise

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2304157

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

[2010/10/11 14:28:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012/01/08 18:30:14 | 000,000,961 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin-1.xml

[2010/10/11 14:28:55 | 000,000,168 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.gif

[2010/10/11 14:28:55 | 000,000,618 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.src

[2010/12/24 12:02:49 | 000,001,069 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.xml

[2010/08/16 12:29:44 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\tim\AppData\Roaming\Mozilla\Firefox\firefox.exe File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

[2010/01/27 19:50:02 | 000,000,000 | -HSD | M] -- C:\Users\tim\AppData\Roaming\.#

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EA701346

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Alles klar, hab ich soweit befolgt. Hier das Ergebnis

Code:

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.

Prefs.js: "ICQ Search" removed from browser.search.defaultenginename

Prefs.js: "ICQ Search" removed from browser.search.selectedEngine

Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.

C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\6dcolznk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin-1.xml moved successfully.

C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.gif moved successfully.

C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.src moved successfully.

C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\searchplugins\icqplugin.xml moved successfully.

C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.

C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.

C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A1691B-D188-4419-AD02-90002030B8EE}\ deleted successfully.

C:\PROGRA~1\FlashFXP\IEFlash.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.

File WebPrint EX\ewpexhlp.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.

File WebPrint EX\ewpexhlp.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla Firefox deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

C:\Users\tim\AppData\Roaming\.# folder moved successfully.

ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.

ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.

ADS C:\ProgramData\Temp:EA701346 deleted successfully.

ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: tim

->Temp folder emptied: 8071535 bytes

->Temporary Internet Files folder emptied: 86740258 bytes

->Java cache emptied: 220847 bytes

->FireFox cache emptied: 54425260 bytes

->Google Chrome cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 3129525 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 54192 bytes

RecycleBin emptied: 2518846560 bytes

 

Total Files Cleaned = 2,548.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01112012_134858
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Danke nochmal für den Support!

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

19:14:34.0109 3984        TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26

19:14:34.0343 3984        ============================================================

19:14:34.0343 3984        Current date / time: 2012/01/11 19:14:34.0343

19:14:34.0343 3984        SystemInfo:

19:14:34.0343 3984        

19:14:34.0343 3984        OS Version: 6.1.7601 ServicePack: 1.0

19:14:34.0343 3984        Product type: Workstation

19:14:34.0343 3984        ComputerName: TIM-PC

19:14:34.0343 3984        UserName: tim

19:14:34.0343 3984        Windows directory: C:\windows

19:14:34.0343 3984        System windows directory: C:\windows

19:14:34.0343 3984        Processor architecture: Intel x86

19:14:34.0343 3984        Number of processors: 2

19:14:34.0343 3984        Page size: 0x1000

19:14:34.0343 3984        Boot type: Normal boot

19:14:34.0343 3984        ============================================================

19:14:34.0779 3984        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050

19:14:34.0904 3984        Initialize success

19:15:20.0643 1468        ============================================================

19:15:20.0643 1468        Scan started

19:15:20.0643 1468        Mode: Manual; SigCheck; TDLFS; 

19:15:20.0643 1468        ============================================================

19:15:21.0595 1468        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

19:15:21.0735 1468        1394ohci - ok

19:15:21.0860 1468        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

19:15:21.0891 1468        ACPI - ok

19:15:22.0047 1468        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

19:15:22.0141 1468        AcpiPmi - ok

19:15:22.0281 1468        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

19:15:22.0328 1468        adp94xx - ok

19:15:22.0484 1468        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

19:15:22.0515 1468        adpahci - ok

19:15:22.0656 1468        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

19:15:22.0687 1468        adpu320 - ok

19:15:22.0812 1468        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

19:15:22.0874 1468        AFD - ok

19:15:22.0999 1468        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

19:15:23.0030 1468        agp440 - ok

19:15:23.0108 1468        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

19:15:23.0139 1468        aic78xx - ok

19:15:23.0217 1468        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

19:15:23.0249 1468        aliide - ok

19:15:23.0295 1468        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

19:15:23.0311 1468        amdagp - ok

19:15:23.0373 1468        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

19:15:23.0389 1468        amdide - ok

19:15:23.0436 1468        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

19:15:23.0498 1468        AmdK8 - ok

19:15:23.0545 1468        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

19:15:23.0607 1468        AmdPPM - ok

19:15:23.0654 1468        amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys

19:15:23.0670 1468        amdsata - ok

19:15:23.0701 1468        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

19:15:23.0732 1468        amdsbs - ok

19:15:23.0763 1468        amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys

19:15:23.0779 1468        amdxata - ok

19:15:23.0873 1468        AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

19:15:23.0997 1468        AppID - ok

19:15:24.0138 1468        arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

19:15:24.0169 1468        arc - ok

19:15:24.0200 1468        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

19:15:24.0231 1468        arcsas - ok

19:15:24.0263 1468        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

19:15:24.0372 1468        AsyncMac - ok

19:15:24.0497 1468        atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

19:15:24.0512 1468        atapi - ok

19:15:24.0621 1468        athr            (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys

19:15:24.0699 1468        athr - ok

19:15:24.0824 1468        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys

19:15:24.0887 1468        avgntflt - ok

19:15:24.0918 1468        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys

19:15:24.0933 1468        avipbb - ok

19:15:25.0043 1468        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

19:15:25.0121 1468        b06bdrv - ok

19:15:25.0183 1468        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

19:15:25.0214 1468        b57nd60x - ok

19:15:25.0323 1468        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

19:15:25.0401 1468        Beep - ok

19:15:25.0433 1468        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

19:15:25.0526 1468        blbdrive - ok

19:15:25.0604 1468        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

19:15:25.0698 1468        bowser - ok

19:15:25.0745 1468        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

19:15:25.0823 1468        BrFiltLo - ok

19:15:25.0854 1468        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

19:15:25.0916 1468        BrFiltUp - ok

19:15:25.0994 1468        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

19:15:26.0088 1468        Brserid - ok

19:15:26.0119 1468        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

19:15:26.0150 1468        BrSerWdm - ok

19:15:26.0166 1468        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

19:15:26.0213 1468        BrUsbMdm - ok

19:15:26.0228 1468        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

19:15:26.0244 1468        BrUsbSer - ok

19:15:26.0275 1468        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

19:15:26.0337 1468        BTHMODEM - ok

19:15:26.0400 1468        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

19:15:26.0478 1468        cdfs - ok

19:15:26.0540 1468        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

19:15:26.0571 1468        cdrom - ok

19:15:26.0618 1468        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

19:15:26.0634 1468        circlass - ok

19:15:26.0681 1468        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

19:15:26.0696 1468        CLFS - ok

19:15:26.0727 1468        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

19:15:26.0805 1468        CmBatt - ok

19:15:26.0821 1468        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

19:15:26.0837 1468        cmdide - ok

19:15:26.0868 1468        CNG             (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys

19:15:26.0915 1468        CNG - ok

19:15:26.0961 1468        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

19:15:26.0977 1468        Compbatt - ok

19:15:27.0024 1468        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

19:15:27.0071 1468        CompositeBus - ok

19:15:27.0117 1468        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

19:15:27.0133 1468        crcdisk - ok

19:15:27.0195 1468        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

19:15:27.0242 1468        DfsC - ok

19:15:27.0273 1468        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

19:15:27.0351 1468        discache - ok

19:15:27.0429 1468        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

19:15:27.0445 1468        Disk - ok

19:15:27.0476 1468        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

19:15:27.0492 1468        drmkaud - ok

19:15:27.0539 1468        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

19:15:27.0585 1468        DXGKrnl - ok

19:15:27.0695 1468        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

19:15:27.0773 1468        ebdrv - ok

19:15:27.0929 1468        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

19:15:27.0975 1468        elxstor - ok

19:15:28.0007 1468        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

19:15:28.0038 1468        ErrDev - ok

19:15:28.0100 1468        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

19:15:28.0163 1468        exfat - ok

19:15:28.0178 1468        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

19:15:28.0225 1468        fastfat - ok

19:15:28.0287 1468        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

19:15:28.0350 1468        fdc - ok

19:15:28.0381 1468        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

19:15:28.0397 1468        FileInfo - ok

19:15:28.0428 1468        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

19:15:28.0506 1468        Filetrace - ok

19:15:28.0537 1468        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

19:15:28.0568 1468        flpydisk - ok

19:15:28.0615 1468        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

19:15:28.0677 1468        FltMgr - ok

19:15:28.0709 1468        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

19:15:28.0724 1468        FsDepends - ok

19:15:28.0755 1468        fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

19:15:28.0787 1468        fssfltr - ok

19:15:28.0818 1468        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

19:15:28.0833 1468        Fs_Rec - ok

19:15:28.0896 1468        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

19:15:28.0911 1468        fvevol - ok

19:15:28.0958 1468        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

19:15:28.0974 1468        gagp30kx - ok

19:15:29.0021 1468        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

19:15:29.0021 1468        GEARAspiWDM - ok

19:15:29.0036 1468        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

19:15:29.0067 1468        hcw85cir - ok

19:15:29.0130 1468        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

19:15:29.0177 1468        HdAudAddService - ok

19:15:29.0208 1468        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

19:15:29.0223 1468        HDAudBus - ok

19:15:29.0255 1468        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

19:15:29.0270 1468        HidBatt - ok

19:15:29.0286 1468        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

19:15:29.0301 1468        HidBth - ok

19:15:29.0348 1468        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

19:15:29.0364 1468        HidIr - ok

19:15:29.0426 1468        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys

19:15:29.0457 1468        HidUsb - ok

19:15:29.0489 1468        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

19:15:29.0504 1468        HpSAMD - ok

19:15:29.0582 1468        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

19:15:29.0629 1468        HTTP - ok

19:15:29.0660 1468        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

19:15:29.0676 1468        hwpolicy - ok

19:15:29.0723 1468        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

19:15:29.0769 1468        i8042prt - ok

19:15:29.0816 1468        iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

19:15:29.0816 1468        iaStor - ok

19:15:29.0879 1468        iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys

19:15:29.0910 1468        iaStorV - ok

19:15:30.0066 1468        igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys

19:15:30.0222 1468        igfx - ok

19:15:30.0331 1468        iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

19:15:30.0362 1468        iirsp - ok

19:15:30.0487 1468        IntcAzAudAddService (5ceef2cccb4fe00d3ffbfeb12bcfa07f) C:\windows\system32\drivers\RTKVHDA.sys

19:15:30.0581 1468        IntcAzAudAddService - ok

19:15:30.0690 1468        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

19:15:30.0721 1468        intelide - ok

19:15:30.0768 1468        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

19:15:30.0783 1468        intelppm - ok

19:15:30.0830 1468        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

19:15:30.0893 1468        IpFilterDriver - ok

19:15:30.0939 1468        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

19:15:30.0986 1468        IPMIDRV - ok

19:15:31.0017 1468        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

19:15:31.0049 1468        IPNAT - ok

19:15:31.0111 1468        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

19:15:31.0189 1468        IRENUM - ok

19:15:31.0205 1468        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

19:15:31.0236 1468        isapnp - ok

19:15:31.0283 1468        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

19:15:31.0314 1468        iScsiPrt - ok

19:15:31.0361 1468        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys

19:15:31.0376 1468        kbdclass - ok

19:15:31.0423 1468        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys

19:15:31.0454 1468        kbdhid - ok

19:15:31.0485 1468        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys

19:15:31.0517 1468        KSecDD - ok

19:15:31.0548 1468        KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys

19:15:31.0579 1468        KSecPkg - ok

19:15:31.0641 1468        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

19:15:31.0688 1468        lltdio - ok

19:15:31.0735 1468        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

19:15:31.0751 1468        LSI_FC - ok

19:15:31.0766 1468        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

19:15:31.0782 1468        LSI_SAS - ok

19:15:31.0797 1468        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

19:15:31.0813 1468        LSI_SAS2 - ok

19:15:31.0844 1468        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

19:15:31.0860 1468        LSI_SCSI - ok

19:15:31.0891 1468        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

19:15:31.0969 1468        luafv - ok

19:15:32.0000 1468        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

19:15:32.0016 1468        megasas - ok

19:15:32.0031 1468        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

19:15:32.0047 1468        MegaSR - ok

19:15:32.0078 1468        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

19:15:32.0156 1468        Modem - ok

19:15:32.0172 1468        monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

19:15:32.0187 1468        monitor - ok

19:15:32.0234 1468        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys

19:15:32.0281 1468        mouclass - ok

19:15:32.0328 1468        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

19:15:32.0359 1468        mouhid - ok

19:15:32.0375 1468        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

19:15:32.0390 1468        mountmgr - ok

19:15:32.0437 1468        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

19:15:32.0468 1468        mpio - ok

19:15:32.0484 1468        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

19:15:32.0531 1468        mpsdrv - ok

19:15:32.0562 1468        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

19:15:32.0640 1468        MRxDAV - ok

19:15:32.0702 1468        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

19:15:32.0749 1468        mrxsmb - ok

19:15:32.0780 1468        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

19:15:32.0827 1468        mrxsmb10 - ok

19:15:32.0858 1468        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

19:15:32.0889 1468        mrxsmb20 - ok

19:15:32.0921 1468        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

19:15:32.0936 1468        msahci - ok

19:15:32.0983 1468        msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

19:15:32.0999 1468        msdsm - ok

19:15:33.0030 1468        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

19:15:33.0108 1468        Msfs - ok

19:15:33.0123 1468        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

19:15:33.0170 1468        mshidkmdf - ok

19:15:33.0201 1468        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

19:15:33.0217 1468        msisadrv - ok

19:15:33.0264 1468        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

19:15:33.0311 1468        MSKSSRV - ok

19:15:33.0342 1468        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

19:15:33.0389 1468        MSPCLOCK - ok

19:15:33.0420 1468        MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

19:15:33.0451 1468        MSPQM - ok

19:15:33.0498 1468        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

19:15:33.0513 1468        MsRPC - ok

19:15:33.0560 1468        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

19:15:33.0576 1468        mssmbios - ok

19:15:33.0623 1468        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

19:15:33.0654 1468        MSTEE - ok

19:15:33.0654 1468        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

19:15:33.0685 1468        MTConfig - ok

19:15:33.0716 1468        Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

19:15:33.0732 1468        Mup - ok

19:15:33.0779 1468        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

19:15:33.0825 1468        NativeWifiP - ok

19:15:33.0888 1468        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

19:15:33.0919 1468        NDIS - ok

19:15:33.0935 1468        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

19:15:33.0981 1468        NdisCap - ok

19:15:34.0013 1468        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

19:15:34.0106 1468        NdisTapi - ok

19:15:34.0137 1468        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

19:15:34.0200 1468        Ndisuio - ok

19:15:34.0231 1468        NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

19:15:34.0278 1468        NdisWan - ok

19:15:34.0309 1468        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

19:15:34.0356 1468        NDProxy - ok

19:15:34.0403 1468        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

19:15:34.0465 1468        NetBIOS - ok

19:15:34.0496 1468        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

19:15:34.0543 1468        NetBT - ok

19:15:34.0605 1468        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

19:15:34.0621 1468        nfrd960 - ok

19:15:34.0637 1468        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

19:15:34.0699 1468        Npfs - ok

19:15:34.0730 1468        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

19:15:34.0777 1468        nsiproxy - ok

19:15:34.0824 1468        Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys

19:15:34.0886 1468        Ntfs - ok

19:15:34.0917 1468        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

19:15:34.0949 1468        Null - ok

19:15:35.0229 1468        nvlddmkm        (1f144bd1fecb52fe4dc18fafe70ff7af) C:\windows\system32\DRIVERS\nvlddmkm.sys

19:15:35.0588 1468        nvlddmkm - ok

19:15:35.0697 1468        nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys

19:15:35.0729 1468        nvraid - ok

19:15:35.0744 1468        nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys

19:15:35.0760 1468        nvstor - ok

19:15:35.0807 1468        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

19:15:35.0838 1468        nv_agp - ok

19:15:35.0900 1468        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

19:15:35.0947 1468        ohci1394 - ok

19:15:36.0009 1468        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

19:15:36.0072 1468        Parport - ok

19:15:36.0103 1468        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

19:15:36.0119 1468        partmgr - ok

19:15:36.0134 1468        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

19:15:36.0150 1468        Parvdm - ok

19:15:36.0197 1468        pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

19:15:36.0228 1468        pci - ok

19:15:36.0259 1468        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

19:15:36.0275 1468        pciide - ok

19:15:36.0290 1468        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

19:15:36.0321 1468        pcmcia - ok

19:15:36.0337 1468        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

19:15:36.0353 1468        pcw - ok

19:15:36.0384 1468        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

19:15:36.0446 1468        PEAUTH - ok

19:15:36.0524 1468        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

19:15:36.0555 1468        PptpMiniport - ok

19:15:36.0571 1468        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

19:15:36.0587 1468        Processor - ok

19:15:36.0649 1468        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

19:15:36.0680 1468        Psched - ok

19:15:36.0743 1468        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

19:15:36.0789 1468        ql2300 - ok

19:15:36.0805 1468        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

19:15:36.0821 1468        ql40xx - ok

19:15:36.0836 1468        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

19:15:36.0867 1468        QWAVEdrv - ok

19:15:36.0883 1468        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

19:15:36.0914 1468        RasAcd - ok

19:15:36.0961 1468        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

19:15:37.0023 1468        RasAgileVpn - ok

19:15:37.0055 1468        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

19:15:37.0086 1468        Rasl2tp - ok

19:15:37.0133 1468        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

19:15:37.0179 1468        RasPppoe - ok

19:15:37.0195 1468        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

19:15:37.0226 1468        RasSstp - ok

19:15:37.0257 1468        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

19:15:37.0335 1468        rdbss - ok

19:15:37.0367 1468        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

19:15:37.0382 1468        rdpbus - ok

19:15:37.0413 1468        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

19:15:37.0460 1468        RDPCDD - ok

19:15:37.0507 1468        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

19:15:37.0538 1468        RDPENCDD - ok

19:15:37.0554 1468        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

19:15:37.0569 1468        RDPREFMP - ok

19:15:37.0616 1468        RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys

19:15:37.0647 1468        RDPWD - ok

19:15:37.0710 1468        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

19:15:37.0725 1468        rdyboost - ok

19:15:37.0788 1468        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

19:15:37.0835 1468        rspndr - ok

19:15:37.0881 1468        RTL8167         (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys

19:15:37.0928 1468        RTL8167 - ok

19:15:37.0959 1468        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys

19:15:37.0991 1468        SABI - ok

19:15:38.0053 1468        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

19:15:38.0069 1468        sbp2port - ok

19:15:38.0115 1468        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

19:15:38.0147 1468        scfilter - ok

19:15:38.0193 1468        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

19:15:38.0240 1468        secdrv - ok

19:15:38.0303 1468        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

19:15:38.0318 1468        Serenum - ok

19:15:38.0365 1468        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

19:15:38.0396 1468        Serial - ok

19:15:38.0443 1468        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

19:15:38.0474 1468        sermouse - ok

19:15:38.0521 1468        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

19:15:38.0568 1468        sffdisk - ok

19:15:38.0583 1468        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

19:15:38.0615 1468        sffp_mmc - ok

19:15:38.0646 1468        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

19:15:38.0661 1468        sffp_sd - ok

19:15:38.0693 1468        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

19:15:38.0739 1468        sfloppy - ok

19:15:38.0771 1468        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

19:15:38.0786 1468        sisagp - ok

19:15:38.0817 1468        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

19:15:38.0833 1468        SiSRaid2 - ok

19:15:38.0849 1468        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

19:15:38.0864 1468        SiSRaid4 - ok

19:15:38.0895 1468        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

19:15:38.0942 1468        Smb - ok

19:15:39.0005 1468        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

19:15:39.0020 1468        spldr - ok

19:15:39.0114 1468        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

19:15:39.0176 1468        srv - ok

19:15:39.0192 1468        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

19:15:39.0239 1468        srv2 - ok

19:15:39.0270 1468        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

19:15:39.0301 1468        srvnet - ok

19:15:39.0348 1468        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys

19:15:39.0348 1468        ssmdrv - ok

19:15:39.0441 1468        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

19:15:39.0457 1468        stexstor - ok

19:15:39.0504 1468        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

19:15:39.0519 1468        swenum - ok

19:15:39.0582 1468        SynTP           (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys

19:15:39.0644 1468        SynTP - ok

19:15:39.0722 1468        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

19:15:39.0785 1468        Tcpip - ok

19:15:39.0800 1468        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

19:15:39.0831 1468        TCPIP6 - ok

19:15:39.0863 1468        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

19:15:39.0909 1468        tcpipreg - ok

19:15:39.0956 1468        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

19:15:39.0987 1468        TDPIPE - ok

19:15:40.0019 1468        TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys

19:15:40.0065 1468        TDTCP - ok

19:15:40.0112 1468        tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

19:15:40.0143 1468        tdx - ok

19:15:40.0175 1468        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

19:15:40.0206 1468        TermDD - ok

19:15:40.0237 1468        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

19:15:40.0284 1468        tssecsrv - ok

19:15:40.0331 1468        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

19:15:40.0362 1468        TsUsbFlt - ok

19:15:40.0424 1468        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

19:15:40.0487 1468        tunnel - ok

19:15:40.0518 1468        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

19:15:40.0533 1468        uagp35 - ok

19:15:40.0580 1468        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

19:15:40.0643 1468        udfs - ok

19:15:40.0689 1468        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

19:15:40.0705 1468        uliagpkx - ok

19:15:40.0752 1468        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

19:15:40.0767 1468        umbus - ok

19:15:40.0783 1468        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

19:15:40.0814 1468        UmPass - ok

19:15:40.0861 1468        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys

19:15:40.0923 1468        USBAAPL - ok

19:15:40.0955 1468        usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys

19:15:41.0001 1468        usbccgp - ok

19:15:41.0033 1468        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

19:15:41.0064 1468        usbcir - ok

19:15:41.0079 1468        usbehci         (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys

19:15:41.0095 1468        usbehci - ok

19:15:41.0126 1468        usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys

19:15:41.0173 1468        usbhub - ok

19:15:41.0173 1468        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys

19:15:41.0204 1468        usbohci - ok

19:15:41.0267 1468        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

19:15:41.0313 1468        usbprint - ok

19:15:41.0345 1468        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

19:15:41.0360 1468        usbscan - ok

19:15:41.0407 1468        USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\drivers\USBSTOR.SYS

19:15:41.0438 1468        USBSTOR - ok

19:15:41.0469 1468        usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys

19:15:41.0485 1468        usbuhci - ok

19:15:41.0532 1468        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

19:15:41.0610 1468        usbvideo - ok

19:15:41.0657 1468        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

19:15:41.0688 1468        vdrvroot - ok

19:15:41.0719 1468        vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

19:15:41.0750 1468        vga - ok

19:15:41.0766 1468        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

19:15:41.0797 1468        VgaSave - ok

19:15:41.0844 1468        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

19:15:41.0875 1468        vhdmp - ok

19:15:41.0906 1468        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

19:15:41.0922 1468        viaagp - ok

19:15:41.0937 1468        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

19:15:41.0984 1468        ViaC7 - ok

19:15:42.0015 1468        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

19:15:42.0031 1468        viaide - ok

19:15:42.0062 1468        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

19:15:42.0078 1468        volmgr - ok

19:15:42.0125 1468        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

19:15:42.0140 1468        volmgrx - ok

19:15:42.0187 1468        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

19:15:42.0203 1468        volsnap - ok

19:15:42.0249 1468        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

19:15:42.0265 1468        vsmraid - ok

19:15:42.0281 1468        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

19:15:42.0359 1468        vwifibus - ok

19:15:42.0390 1468        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

19:15:42.0452 1468        vwififlt - ok

19:15:42.0483 1468        vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys

19:15:42.0530 1468        vwifimp - ok

19:15:42.0546 1468        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

19:15:42.0593 1468        WacomPen - ok

19:15:42.0624 1468        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

19:15:42.0671 1468        WANARP - ok

19:15:42.0671 1468        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

19:15:42.0702 1468        Wanarpv6 - ok

19:15:42.0780 1468        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

19:15:42.0795 1468        Wd - ok

19:15:42.0811 1468        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

19:15:42.0842 1468        Wdf01000 - ok

19:15:42.0905 1468        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

19:15:42.0936 1468        WfpLwf - ok

19:15:42.0936 1468        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

19:15:42.0951 1468        WIMMount - ok

19:15:43.0029 1468        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys

19:15:43.0076 1468        WinUsb - ok

19:15:43.0107 1468        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

19:15:43.0139 1468        WmiAcpi - ok

19:15:43.0185 1468        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

19:15:43.0248 1468        ws2ifsl - ok

19:15:43.0295 1468        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

19:15:43.0373 1468        WudfPf - ok

19:15:43.0419 1468        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

19:15:43.0466 1468        WUDFRd - ok

19:15:43.0529 1468        MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0

19:15:43.0919 1468        \Device\Harddisk0\DR0 - ok

19:15:43.0934 1468        Boot (0x1200)   (ffcf558f995dc6506b87e0580f61da7e) \Device\Harddisk0\DR0\Partition0

19:15:43.0950 1468        \Device\Harddisk0\DR0\Partition0 - ok

19:15:43.0950 1468        Boot (0x1200)   (1fc161b5ac31634e8cc59e6a45853ebb) \Device\Harddisk0\DR0\Partition1

19:15:43.0965 1468        \Device\Harddisk0\DR0\Partition1 - ok

19:15:43.0981 1468        Boot (0x1200)   (01b08efadb813ceb3e5708f761c58946) \Device\Harddisk0\DR0\Partition2

19:15:43.0981 1468        \Device\Harddisk0\DR0\Partition2 - ok

19:15:43.0981 1468        ============================================================

19:15:43.0981 1468        Scan finished

19:15:43.0981 1468        ============================================================

19:15:43.0997 5744        Detected object count: 0

19:15:43.0997 5744        Actual detected object count: 0

das Problem, dass ich nicht auf meine eigenen Dateien zugreifen kann oder etwas nicht angezeigt wird, besteht anscheinend nicht

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-01-10.02 - tim 11.01.2012  23:18:03.2.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.1938 [GMT 1:00]

ausgeführt von:: c:\users\tim\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-11 bis 2012-01-11  ))))))))))))))))))))))))))))))

.

.

2012-01-11 22:22 . 2012-01-11 22:22        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-01-11 22:22 . 2012-01-11 22:22        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-11 12:48 . 2012-01-11 12:48        --------        d-----w-        C:\_OTL

2012-01-10 21:17 . 2011-11-30 01:21        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{02202933-2B83-4C74-951B-2249CAC0CC3C}\mpengine.dll

2012-01-10 21:17 . 2011-11-15 13:29        222080        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-10 19:02 . 2012-01-10 19:02        --------        d-----w-        c:\program files\iPod

2012-01-10 19:02 . 2012-01-10 19:03        --------        d-----w-        c:\program files\iTunes

2012-01-10 17:54 . 2012-01-10 17:54        --------        d-----w-        c:\program files\Common Files\Java

2012-01-10 00:30 . 2012-01-10 00:30        --------        d-----w-        c:\program files\ESET

2012-01-09 23:28 . 2012-01-09 23:28        --------        d-----w-        c:\users\tim\AppData\Roaming\Malwarebytes

2012-01-09 23:28 . 2012-01-09 23:28        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-01-09 23:28 . 2012-01-09 23:28        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-09 23:28 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-19 11:36 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll

2011-11-10 04:54 . 2011-03-02 13:01        472808        ----a-w-        c:\windows\system32\deployJava1.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-01 1343400]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 73505320

*Deregistered* - 73505320

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\6dcolznk.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-01-11  23:24:24

ComboFix-quarantined-files.txt  2012-01-11 22:24

ComboFix2.txt  2012-01-11 22:09

.

Vor Suchlauf: 14 Verzeichnis(se), 107.080.835.072 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 107.037.425.664 Bytes frei

.

- - End Of File - - 3A218BFA0285A99E98A7B7FF50A234B7

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Antivir hat vorhin anscheinend etwas gedeckt, allerdings in der ComboFix Datei... hm

Code:



Avira AntiVir Personal

Erstellungsdatum der Reportdatei: Donnerstag, 12. Januar 2012  21:48
 

Es wird nach 3065252 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 7

Windowsversion : (Service Pack 1)  [6.1.7601]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : TIM-PC
 

Versionsinformationen:

BUILD.DAT      : 10.2.0.704     35934 Bytes  28.09.2011 13:14:00

AVSCAN.EXE     : 10.3.0.7      484008 Bytes  29.06.2011 08:31:01

AVSCAN.DLL     : 10.0.5.0       57192 Bytes  29.06.2011 08:31:00

LUKE.DLL       : 10.3.0.5       45416 Bytes  29.06.2011 08:31:01

LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 10:59:47

AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  29.06.2011 08:31:02

AVREG.DLL      : 10.3.0.9       88833 Bytes  13.07.2011 09:54:13

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 13:23:11

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:10:53

VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 20:10:53

VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 20:10:53

VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 20:10:53

VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 20:10:53

VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 20:10:53

VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 20:10:54

VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 20:10:54

VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 20:10:54

VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 20:10:54

VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 20:10:54

VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 00:59:35

VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 11:21:14

VBASE015.VDF   : 7.11.20.29    164352 Bytes  27.12.2011 12:00:11

VBASE016.VDF   : 7.11.20.70    180224 Bytes  29.12.2011 11:20:04

VBASE017.VDF   : 7.11.20.102   240640 Bytes  02.01.2012 12:07:11

VBASE018.VDF   : 7.11.20.139   164864 Bytes  04.01.2012 11:20:02

VBASE019.VDF   : 7.11.20.178   167424 Bytes  06.01.2012 11:19:59

VBASE020.VDF   : 7.11.20.207   230400 Bytes  10.01.2012 15:59:35

VBASE021.VDF   : 7.11.20.236   150528 Bytes  11.01.2012 15:59:36

VBASE022.VDF   : 7.11.20.237     2048 Bytes  11.01.2012 15:59:36

VBASE023.VDF   : 7.11.20.238     2048 Bytes  11.01.2012 15:59:36

VBASE024.VDF   : 7.11.20.239     2048 Bytes  11.01.2012 15:59:36

VBASE025.VDF   : 7.11.20.240     2048 Bytes  11.01.2012 15:59:36

VBASE026.VDF   : 7.11.20.241     2048 Bytes  11.01.2012 15:59:36

VBASE027.VDF   : 7.11.20.242     2048 Bytes  11.01.2012 15:59:36

VBASE028.VDF   : 7.11.20.243     2048 Bytes  11.01.2012 15:59:36

VBASE029.VDF   : 7.11.20.244     2048 Bytes  11.01.2012 15:59:36

VBASE030.VDF   : 7.11.20.245     2048 Bytes  11.01.2012 15:59:36

VBASE031.VDF   : 7.11.21.0      77824 Bytes  12.01.2012 15:59:36

Engineversion  : 8.2.8.22  

AEVDF.DLL      : 8.1.2.2       106868 Bytes  25.10.2011 20:18:11

AESCRIPT.DLL   : 8.1.3.96      434554 Bytes  12.01.2012 15:59:40

AESCN.DLL      : 8.1.7.2       127349 Bytes  10.01.2011 13:22:49

AESBX.DLL      : 8.2.4.5       434549 Bytes  02.12.2011 10:33:10

AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 05:34:09

AEPACK.DLL     : 8.2.15.1      770423 Bytes  13.12.2011 20:47:48

AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  30.12.2011 11:20:09

AEHEUR.DLL     : 8.1.3.15     4264310 Bytes  12.01.2012 15:59:39

AEHELP.DLL     : 8.1.18.0      254327 Bytes  25.10.2011 20:18:01

AEGEN.DLL      : 8.1.5.17      405877 Bytes  08.12.2011 20:07:46

AEEMU.DLL      : 8.1.3.0       393589 Bytes  10.01.2011 13:22:42

AECORE.DLL     : 8.1.24.3      201079 Bytes  29.12.2011 11:47:17

AEBB.DLL       : 8.1.1.0        53618 Bytes  10.01.2011 13:22:41

AVWINLL.DLL    : 10.0.0.0       19304 Bytes  10.01.2011 13:22:56

AVPREF.DLL     : 10.0.3.2       44904 Bytes  29.06.2011 08:31:00

AVREP.DLL      : 10.0.0.10     174120 Bytes  19.05.2011 10:23:18

AVARKT.DLL     : 10.0.26.1     255336 Bytes  29.06.2011 08:31:00

AVEVTLOG.DLL   : 10.0.0.9      203112 Bytes  29.06.2011 08:31:00

SQLITE3.DLL    : 3.6.19.0      355688 Bytes  17.06.2010 13:27:02

AVSMTP.DLL     : 10.0.0.17      63848 Bytes  10.01.2011 13:22:56

NETNT.DLL      : 10.0.0.0       11624 Bytes  17.06.2010 13:27:01

RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  29.06.2011 08:31:00

RCTEXT.DLL     : 10.0.64.0      98664 Bytes  29.06.2011 08:31:00
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: avguard_async_scan

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f355425\guard_slideup.avp

Protokollierung.......................: standard

Primäre Aktion........................: reparieren

Sekundäre Aktion......................: quarantäne

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: aus

Durchsuche aktive Programme...........: ein

Durchsuche Registrierung..............: aus

Suche nach Rootkits...................: aus

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: vollständig
 

Beginn des Suchlaufs: Donnerstag, 12. Januar 2012  21:48
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvtray.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'BJMYPRT.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'dmhkcore.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'EasySpeedUpManager.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'WCScheduler.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'SSCKbdHk.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'NvXDSync.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sqlwriter.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sqlbrowser.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'OberonGameConsoleService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'IJPLMSVC.EXE' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\Users\tim\Desktop\ComboFix.exe'

C:\Users\tim\Desktop\ComboFix.exe

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a08eaa3.qua' verschoben!
 
 

Ende des Suchlaufs: Donnerstag, 12. Januar 2012  21:48

Benötigte Zeit: 00:04 Minute(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

      0 Verzeichnisse wurden überprüft

    290 Dateien wurden geprüft

      1 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      1 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

    289 Dateien ohne Befall

      6 Archive wurden durchsucht

      0 Warnungen

      1 Hinweise

hier der GMER Bericht:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-01-12 23:05:25

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1

Running: hsi9qys8.exe; Driver: C:\Users\tim\AppData\Local\Temp\uwldipow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8E5D0CC6                                 ZwCreateSection

SSDT            8E5D0CCB                                 ZwSetContextThread

SSDT            8E5D0C67                                 ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntoskrnl.exe!ZwSaveKey + 13CD            82C369A9 1 Byte  [06]

.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2   82C564E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF      82C5D87C 4 Bytes  [C6, 0C, 5D, 8E]

.text           ntoskrnl.exe!KeRemoveQueueEx + 185F      82C5DC1C 4 Bytes  [CB, 0C, 5D, 8E]

.text           ntoskrnl.exe!KeRemoveQueueEx + 1937      82C5DCF4 4 Bytes  [67, 0C, 5D, 8E]

PAGE            spsys.sys!?SPRevision@@3PADA + 4F90      AE42C000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 50B3      AE42C123 629 Bytes  [75, 42, AE, FE, 05, 34, 75, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 5329      AE42C399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 538F      AE42C3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 543B      AE42C4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]

PAGE            ...                                      
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\0000004a        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

osam:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 23:18:42 on 12.01.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\tim\AppData\Local\Temp\catchme.sys  (File not found)

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\windows\system32\nvshext.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"REGSHAVE" - "FUJI PHOTO FILM CO., LTD." - C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe

"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

"Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

so, und hier noch der letzte bericht

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-12 23:22:35

-----------------------------

23:22:35.847    OS Version: Windows 6.1.7601 Service Pack 1

23:22:35.847    Number of processors: 2 586 0x170A

23:22:35.863    ComputerName: TIM-PC  UserName: tim

23:22:55.769    Initialize success

23:26:55.193    AVAST engine defs: 12011201

23:27:14.101    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:27:14.101    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 305245MB BusType: 3

23:27:14.116    Disk 0 MBR read successfully

23:27:14.116    Disk 0 MBR scan

23:27:14.132    Disk 0 unknown MBR code

23:27:14.132    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048

23:27:14.147    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328

23:27:14.163    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       144890 MB offset 31664128

23:27:14.194    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       144893 MB offset 328398848

23:27:14.194    Disk 0 scanning sectors +625139712

23:27:14.303    Disk 0 scanning C:\windows\system32\drivers

23:27:24.709    Service scanning

23:27:25.847    Modules scanning

23:27:34.443    Disk 0 trace - called modules:

23:27:34.474    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 

23:27:34.490    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86954030]

23:27:34.490    3 CLASSPNP.SYS[8be0c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b66028]

23:27:36.050    AVAST engine scan C:\windows

23:27:37.064    File: C:\windows\PEV.exe  **INFECTED** Win32:Rootkit-gen [Rtk]

23:27:38.624    AVAST engine scan C:\windows\system32

23:29:39.791    AVAST engine scan C:\windows\system32\drivers

23:29:49.619    AVAST engine scan C:\Users\tim

23:34:33.495    AVAST engine scan C:\ProgramData

23:35:30.466    Scan finished successfully

23:35:50.824    Disk 0 MBR has been saved successfully to "C:\Users\tim\Desktop\MBR.dat"

23:35:50.840    The log file has been saved successfully to "C:\Users\tim\Desktop\aswMBR.txt"