Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation: Rootkit slows down program start and copy/paste operations (Windows XP 64-bit) (https://www.trojaner-board.de/111632-rootkit-verlangsamt-programmstart-copy-paste-vorgaenge-windows-xp-64bit.html)

Bundeshase 16.03.2012 08:10

Rootkit slows down program start and copy/paste operations (Windows XP 64-bit)
 
Hello dear forum,

after about four months I unfortunately have to ask for your help again; back then, thanks to markusg in top form, I was able to wipe the "Bundespolizei"/"Windows System Recovery" trojan from the disk (http://www.trojaner-board.de/105271-...trojaners.html).

Now to my problem: on 14.03. (i.e. Wednesday) my Kaspersky found a trojan during its regular rootkit scan directly in its own Application Data folder (Trojan-Dropper.Win32.Genome.fhe) and neutralised it right away. The exact name and location was: "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Bases\Cache\kjim.kdl.a664805ecb7ca04b30ff6fd35d". After that a full virus scan was run, which found nothing more, and the system was restarted. Right on the reboot I noticed that the system takes much longer to boot than usual; especially after the XP boot screen it takes another good 20-30 seconds before the black screen gives way to the welcome screen. Programs take extremely long to open, most noticeably my browser Google Chrome (easily 20 seconds). Otherwise the system behaves normally, if it weren't for the telltale sign that every copy/paste operation briefly freezes the system... I'm sure some trojan is still tracking along.

As is customary in the forum, I of course ran a Malwarebytes Anti-Malware scan, but it came up with nothing at all. Kaspersky still finds nothing either. I also tried Kaspersky's TDSSKiller, since the rootkit had nested itself "in the family", but that was unsuccessful too... does anyone have any advice?

I would be very, very grateful for any help!!

Best regards
Bundeshase

cosinus 16.03.2012 19:31

Quote:

my Kaspersky found a trojan during its regular rootkit scan directly in its own Application Data folder (Trojan-Dropper.Win32.Genome.fhe) and neutralised it right away. The exact name and location was: "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Bases\Cache\kjim.kdl.a664805ecb7ca04b30ff6fd35d".
So Kaspersky found itself? :rofl:
Take a look at the path!

Bundeshase 18.03.2012 12:01

Quote:

Quote from cosinus (post 793749)
So Kaspersky found itself? :rofl:
Take a look at the path!

...totally nuts, I know :) The only way I could explain it to myself was that a rootkit disguises itself as a known file in a known path in order to do damage from there... and as I said, since Kaspersky deleted this file, program starts in particular have become much slower. Oh, and when I double-click something in Explorer or go up one folder level, the whole system freezes briefly. Could it be that the Russian knocked itself out?! :D Should I maybe reinstall Kaspersky?

Bundeshase 19.03.2012 12:04

...I still have the feeling that opening programs for the first time, downloading attachments and the like has become totally sluggish... is there another program I could run an analysis with? Malwarebytes, Kaspersky and Hitman too find nothing at all... :headbang:

cosinus 19.03.2012 16:52

Post all the Malwarebytes logs, even if there were no findings

Bundeshase 19.03.2012 21:08

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 6.0.3790.1830
Administrator :: GREGSEN [Administrator]

19.03.2012 19:26:21
mbam-log-2012-03-19 (19-26-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 562014
Laufzeit: 1 Stunde(n), 37 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Bundeshase 19.03.2012 22:42

...a small addendum: the time Windows needs to boot (measured from the appearance of the Windows XP screen to the welcome screen) is now a full 2 minutes; before it was 30 seconds at most... the only thing I had newly installed before this strange Kaspersky error was an Nvidia graphics card driver, and that has long since been uninstalled again... what kind of thing is making mischief there?? : /

Bundeshase 19.03.2012 23:30

...this is slowly getting nasty. In the vulnerability scan Kaspersky reports that autorun is enabled for hard disks, drives AND network connections. Furthermore, according to Kaspersky, Internet Explorer has several websites entered in the "Trusted" list; which ones, I'm trying to find out right now...

...but I think it's clear now that it can only be a trojan, right??

Bundeshase 20.03.2012 12:25

The trojan is now also changing folder options: "hide hidden files" was re-enabled, and the file extensions of known file types are being set to hidden again. Can nobody give me a tip? :(

Bundeshase 20.03.2012 13:03

UPDATE: A system restore to 10.03. has brought me a decisive step forward! The system boots at the usual speed and so far works as usual. But how can I make sure the system is clean now? Should I run an OTL scan?

cosinus 20.03.2012 16:33

That doesn't have to be malware! Just because a system boots more slowly is far from a reason for a hysterical claim like "rootkit or trojan is slowing everything down!"

Please also run ESET, then we'll see further:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add/Remove Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Bundeshase 20.03.2012 21:20

Hi Arne, I did post a whole list of suspicious events, and a system changing network and folder options on its own sounds extremely like a trojan to me... sorry if that came across as hysterical.

Here is the log.txt from the ESET Online Scanner:

ESETSmartInstaller@High as downloader log:

all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77f868b0b0ef86439fed1a800ffabf5c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-20 07:34:12
# local_time=2012-03-20 08:34:12 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.2.3790 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777191 100 0 12372 12372 0 0
# compatibility_mode=8192 67108863 100 0 602 602 0 0
# scanned=441479
# found=4
# cleaned=0
# scan_time=12306
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6(2).0\36(2)\31f02264-1788a515 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\My Documents\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
D:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
I:\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I

cosinus 21.03.2012 15:04

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Bundeshase 21.03.2012 16:14

Hi Arne, attached the OTL.txt!

OTL logfile:
Code:

OTL logfile created on: 21.03.2012 16:03:53 - Run 2
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Documents and Settings\Administrator\My Documents\Downloads\Viren Bekämpfung
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,10 Gb Available Physical Memory | 88,82% Memory free
9,58 Gb Paging File | 9,04 Gb Available in Paging File | 94,40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 46,16 Gb Free Space | 30,97% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 39,46 Gb Free Space | 26,48% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 167,75 Gb Free Space | 36,02% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 117,15 Gb Free Space | 25,15% Space Free | Partition Type: NTFS
 
Computer Name: GREGSEN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\Viren Bekämpfung\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (PnkBstrA) -- C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\WINDOWS\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\SysWOW64\wdfmgr.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (Winsock) -- C:\WINDOWS\SysWow64\winsock.dll (Microsoft Corporation)
DRV - (SCR33x USB Smart Card Reader) -- C:\WINDOWS\SysWOW64\Drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (STC2DFU) -- C:\WINDOWS\SysWOW64\Drivers\Stc2Dfu.sys (SCM Microsystems Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\SysWow64\drivers\PQNTDRV.sys (PowerQuest Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1842288277-1471284191-759357367-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.03.20 13:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.03.20 13:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.03.20 13:53:38 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Modul zur Link-Untersuchung = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
Hosts file not found
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKU\S-1-5-21-1842288277-1471284191-759357367-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1842288277-1471284191-759357367-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1842288277-1471284191-759357367-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [FirefaceMixTray] firefacemix.exe File not found
O4:64bit: - HKLM..\Run: [FirefaceTray] fireface.exe File not found
O4:64bit: - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1842288277-1471284191-759357367-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1842288277-1471284191-759357367-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{599FAC89-3F93-4007-8AB3-2125F9E391C9}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.19 22:10:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.07.17 18:01:40 | 000,000,000 | ---D | M] - I:\Autorun -- [ NTFS ]
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell - "" = AutoRun
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\Shell\AutoRun\command - "" = ej10fkdo.bat
O33 - MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\Shell\open\Command - "" = ej10fkdo.bat
O33 - MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\Shell\AutoRun\command - "" = H:\i.cmd
O33 - MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\Shell\open\Command - "" = H:\i.cmd
O33 - MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\Shell\AutoRun\command - "" = i.cmd
O33 - MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\Shell\open\Command - "" = i.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= - C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NBJ - hkey= - key= - C:\Program Files (x86)\Nero\Nero BackItUp\NBJ.exe (Ahead Software AG)
MsConfig:64bit - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: sermouse.sys - Driver
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: wd.sys - Driver
SafeBootMin:64bit: WdfLoadGroup -
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: wd.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: hitmanpro35 - Reg Error: Value error.
SafeBootNet:64bit: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet:64bit: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: sermouse.sys - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: UploadMgr - Service
SafeBootNet:64bit: WdfLoadGroup -
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX:64bit: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX:64bit: {220CAA73-59AD-463B-AD45-76ED835CA624} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player
ActiveX:64bit: {283807B5-2C60-11D0-A31D-00AA00B92C03} - Reg Error: Key error.
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX:64bit: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX:64bit: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX:64bit: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX:64bit: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
ActiveX:64bit: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX:64bit: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX:64bit: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {220CAA73-59AD-463B-AD45-76ED835CA624} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\SysWOW64\Rundll32.exe C:\WINDOWS\SysWOW64\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32:64bit: aux -  File not found
Drivers32:64bit: aux1 -  File not found
Drivers32:64bit: aux2 -  File not found
Drivers32:64bit: aux4 -  File not found
Drivers32:64bit: aux8 -  File not found
Drivers32:64bit: aux9 -  File not found
Drivers32:64bit: midi -  File not found
Drivers32:64bit: midi1 -  File not found
Drivers32:64bit: midi2 -  File not found
Drivers32:64bit: midi3 -  File not found
Drivers32:64bit: midi4 -  File not found
Drivers32:64bit: midi6 -  File not found
Drivers32:64bit: midi7 -  File not found
Drivers32:64bit: midimapper -  File not found
Drivers32:64bit: mixer -  File not found
Drivers32:64bit: mixer1 -  File not found
Drivers32:64bit: mixer2 -  File not found
Drivers32:64bit: mixer3 -  File not found
Drivers32:64bit: mixer4 -  File not found
Drivers32:64bit: mixer6 -  File not found
Drivers32:64bit: msacm.imaadpcm -  File not found
Drivers32:64bit: msacm.msadpcm -  File not found
Drivers32:64bit: msacm.msg711 -  File not found
Drivers32:64bit: msacm.msgsm610 -  File not found
Drivers32:64bit: msacm.trspch -  File not found
Drivers32:64bit: VIDC.FPS1 -  File not found
Drivers32:64bit: vidc.i420 -  File not found
Drivers32:64bit: vidc.iv31 -  File not found
Drivers32:64bit: vidc.iv32 -  File not found
Drivers32:64bit: vidc.iv41 -  File not found
Drivers32:64bit: vidc.iv50 -  File not found
Drivers32:64bit: vidc.iyuv -  File not found
Drivers32:64bit: vidc.mrle -  File not found
Drivers32:64bit: vidc.msvc -  File not found
Drivers32:64bit: vidc.uyvy -  File not found
Drivers32:64bit: vidc.yuy2 -  File not found
Drivers32:64bit: vidc.yvu9 -  File not found
Drivers32:64bit: vidc.yvyu -  File not found
Drivers32:64bit: wave -  File not found
Drivers32:64bit: wave1 -  File not found
Drivers32:64bit: wave2 -  File not found
Drivers32:64bit: wave3 -  File not found
Drivers32:64bit: wave4 -  File not found
Drivers32:64bit: wave6 -  File not found
Drivers32:64bit: wavemapper -  File not found
Drivers32: midi - C:\WINDOWS\SysWow64\KORGUMDD.DRV (KORG Inc.)
Drivers32: msacm.divxa32 - C:\WINDOWS\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 16:58:55 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.20 14:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2012.03.20 14:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2012.03.20 13:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.03.19 22:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012.03.19 22:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.03.19 21:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.03.19 21:45:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012.03.18 13:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.03.18 13:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Internet Security 2012
[2012.03.18 13:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012.03.15 09:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Livestream Procaster
[2012.03.14 20:04:56 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2012.03.08 00:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 15:59:36 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.21 15:59:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.20 23:26:54 | 004,185,713 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SV_promopic_2.JPG
[2012.03.20 23:18:00 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.20 22:53:00 | 000,001,222 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1842288277-1471284191-759357367-500UA.job
[2012.03.20 17:08:33 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.20 16:55:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012.03.20 14:00:18 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 12:27:18 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ccleaner.lnk
[2012.03.18 12:27:14 | 000,126,342 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2012-03-17-032_1.jpg
[2012.03.15 23:53:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1842288277-1471284191-759357367-500Core.job
[2012.03.15 09:27:39 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Livestream Procaster.lnk
[2012.03.14 13:42:30 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk
[2012.03.08 23:28:14 | 015,422,349 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Gamekeyz_net_ME3.zip
[2012.03.08 20:15:56 | 000,048,192 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NACHTMAHR_Zagreb.pdf
[2012.03.08 13:23:55 | 000,345,685 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Boarding Pass Zagreb.pdf
[2012.03.06 00:00:09 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RUBICon.lnk
[2012.02.27 15:02:52 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 23:26:46 | 004,185,713 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SV_promopic_2.JPG
[2012.03.20 14:00:18 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 12:27:14 | 000,126,342 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2012-03-17-032_1.jpg
[2012.03.15 09:27:38 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Livestream Procaster.lnk
[2012.03.14 13:42:30 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk
[2012.03.08 23:27:42 | 015,422,349 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Gamekeyz_net_ME3.zip
[2012.03.08 20:15:56 | 000,048,192 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NACHTMAHR_Zagreb.pdf
[2012.03.08 13:23:54 | 000,345,685 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Boarding Pass Zagreb.pdf
[2011.11.27 23:40:56 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
[2011.11.19 14:37:46 | 001,084,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2011.11.19 14:37:43 | 000,186,836 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2011.11.19 14:30:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011.11.19 01:48:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\SysWow64\sqlite36_engine.dll
[2011.11.17 03:06:56 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPF
[2011.11.17 03:06:56 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPFr
[2011.11.17 03:06:15 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8o7DZORhtBWtPF
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2010.06.24 07:02:45 | 000,000,048 | ---- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
 
========== LOP Check ==========
 
[2009.12.13 23:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
[2008.12.27 23:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2009.12.16 01:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bioshock
[2010.02.21 20:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSW
[2011.11.25 21:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DesktopIconForAmazon
[2010.06.21 02:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2011.03.22 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011.11.17 19:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Miranda
[2011.11.25 21:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Moyea
[2012.03.09 06:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2011.11.19 01:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OCS
[2011.11.19 01:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011.10.03 19:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Origin
[2011.01.09 20:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF Writer
[2012.03.20 23:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2009.07.10 23:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
[2009.12.12 19:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\streamripper
[2011.07.02 04:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2008.12.27 03:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2009.08.20 18:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YouSendIt
[2009.12.13 23:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010.12.11 20:01:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011.10.03 21:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.03.09 00:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2011.10.03 21:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011.11.03 16:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011.11.25 15:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010.01.21 18:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2011.10.03 20:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011.01.09 20:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2011.09.17 18:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011.11.18 23:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2008.12.27 03:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.06.02 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008.12.19 23:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2010.06.15 22:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
[2012.03.20 16:55:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2012.03.20 23:38:00 | 000,032,532 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.12.13 23:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009.02.04 18:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.01.16 20:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2010.03.11 23:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010.11.24 21:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010.12.11 20:01:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011.10.03 21:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.03.09 00:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2011.10.03 21:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011.11.03 16:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2011.11.25 15:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012.03.21 16:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008.12.25 03:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008.12.25 00:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008.12.25 00:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2012.03.20 14:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.06.30 12:56:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.07.04 00:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010.01.21 18:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2012.03.19 22:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011.10.03 20:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011.11.17 05:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011.01.09 20:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2011.09.17 18:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011.11.18 23:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2010.06.02 22:01:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2011.11.13 22:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.11.25 21:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2008.12.27 03:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010.06.02 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008.12.19 23:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2010.06.15 22:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8BFD9D89-5EBF-4CAE-AA58-6AE68629BA0B}
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2006.11.29 21:33:08 | 002,538,535 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe
[2012.03.18 14:20:45 | 000,065,840 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav12\12.0.0.374\patch_a.exe
[2012.03.18 14:20:46 | 000,057,648 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav12\12.0.0.374\patch_h.exe
[2012.03.18 14:20:50 | 000,098,704 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP12\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav12\12.0.0.374\sbstart.exe
 
< %APPDATA%\*. >
[2009.12.13 23:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
[2009.01.06 21:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010.08.22 19:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2008.12.27 23:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2009.12.16 01:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bioshock
[2010.02.21 20:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSW
[2011.11.25 21:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DesktopIconForAmazon
[2010.04.29 22:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2010.06.21 02:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2009.01.29 20:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2011.01.09 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google
[2009.03.01 09:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GRETECH
[2010.05.25 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2008.12.19 22:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008.12.19 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2011.03.22 16:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008.12.25 00:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Logitech
[2008.12.25 00:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011.11.17 05:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011.07.02 04:48:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011.11.17 19:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Miranda
[2011.11.25 21:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Moyea
[2011.11.23 23:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012.03.09 06:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2011.11.19 01:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OCS
[2011.11.19 01:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011.10.03 19:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Origin
[2011.01.09 20:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF Writer
[2008.12.25 01:30:45 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data\SecuROM
[2012.02.27 15:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2011.08.26 20:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\skypePM
[2012.03.20 23:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2009.07.10 23:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
[2009.12.12 19:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\streamripper
[2009.01.11 18:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009.01.23 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\teamspeak2
[2011.07.02 04:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2008.12.27 03:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008.12.25 03:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2008.12.25 03:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2009.08.20 18:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YouSendIt
 
< %APPDATA%\*.exe /s >
[2011.11.19 01:46:21 | 000,753,664 | ---- | M] (Microsoft) -- C:\Documents and Settings\Administrator\Application Data\DesktopIconForAmazon\IconForAmazon.exe
[2010.02.26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
[2010.06.17 16:23:41 | 000,089,831 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Uninstall.exe
[2011.06.10 23:26:33 | 003,080,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.07.17 18:09:48 | 000,010,752 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{83F12F73-D52E-40C0-93B1-463C311C4E17}\Icon8255BBAC1.exe
[2009.07.17 18:09:48 | 000,006,144 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{83F12F73-D52E-40C0-93B1-463C311C4E17}\Icon83F12F734.exe
[2009.07.17 18:09:48 | 000,015,360 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{83F12F73-D52E-40C0-93B1-463C311C4E17}\Icon83F12F738.exe
[2009.03.10 04:15:55 | 000,292,878 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\ARPPRODUCTICON.exe
[2009.03.10 04:15:55 | 000,292,878 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut1_F627668DCED74C3B92937B05B370A211.exe
[2009.03.10 04:15:55 | 000,292,878 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut2_C8CBC5632A224D2D83650A01AF12D5F6.exe
[2009.03.10 04:15:55 | 000,292,878 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut6_504C9DBC7EE645B2A9CF47F39BEDA88E.exe
[2009.07.17 18:51:46 | 000,015,360 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
[2009.07.17 18:51:46 | 000,011,264 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
[2009.08.11 11:23:52 | 000,003,638 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{FC61D07E-55A0-47CD-9DC4-DCF9E1D5804F}\_2cd672ae.exe
[2009.08.11 11:23:52 | 000,003,638 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{FC61D07E-55A0-47CD-9DC4-DCF9E1D5804F}\_4ae13d6c.exe
[2009.02.07 17:16:39 | 000,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Miranda\Received Files\266134600\uTorrent.exe
[2011.11.19 01:46:19 | 000,106,496 | ---- | M] (OCS) -- C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizer.exe
[2011.11.19 01:46:19 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe
[2012.03.14 13:40:07 | 004,011,184 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2007.02.18 13:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2007.02.18 13:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys
 
< MD5 for: NETLOGON.DLL  >
[2007.02.18 13:00:00 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2007.02.18 13:00:00 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.02.18 13:00:00 | 000,602,624 | ---- | M] (Microsoft Corporation) MD5=89F37F23FAF74F802CD7F22CA4ABD4EF -- C:\WINDOWS\SysWOW64\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2007.02.18 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\winlogon.exe
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus 21.03.2012 17:01

Why do you actually have a 64-bit Windows XP :balla: this Windows isn't exactly widespread, and if so then mostly only on professional workstations in the office


Why is only IE6 on there :balla:

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O3:64bit: - HKU\S-1-5-21-1842288277-1471284191-759357367-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1842288277-1471284191-759357367-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKU\S-1-5-21-1842288277-1471284191-759357367-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [FirefaceMixTray] firefacemix.exe File not found
O4:64bit: - HKLM..\Run: [FirefaceTray] fireface.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1842288277-1471284191-759357367-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1842288277-1471284191-759357367-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.19 22:10:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.07.17 18:01:40 | 000,000,000 | ---D | M] - I:\Autorun -- [ NTFS ]
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell - "" = AutoRun
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\Shell\AutoRun\command - "" = ej10fkdo.bat
O33 - MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\Shell\open\Command - "" = ej10fkdo.bat
O33 - MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\Shell\AutoRun\command - "" = H:\i.cmd
O33 - MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\Shell\open\Command - "" = H:\i.cmd
O33 - MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\Shell\AutoRun\command - "" = i.cmd
O33 - MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\Shell\open\Command - "" = i.cmd
[2011.11.17 03:06:56 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPF
[2011.11.17 03:06:56 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPFr
[2011.11.17 03:06:15 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8o7DZORhtBWtPF
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
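
A small triage script for the OTL report format used in this thread, added here as an example (it is not part of the thread, nor of OTL itself): it parses the O4, O33 and file-listing line shapes and flags the same kinds of entries the fix above removes. The sample lines are copied from the report above except the one marked constructed; the random-name heuristic is this example's own assumption, not an OTL feature.

```python
"""Triage helper for OTL (OldTimer's OTL) report lines.

Added example, not part of the thread or of OTL. It parses three line
shapes seen in the report above and flags what the fix script targets:
autostart entries whose target file is missing, MountPoints2 autorun
handlers that launch scripts from a removable drive, and small files
with machine-generated names in the All Users profile.
"""
import re
from typing import Iterable, List, Optional, Tuple

# [2011.11.17 03:06:56 | 000,000,296 | ---- | C] () -- C:\path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.+?)(?P<missing> File not found)?$"
)
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = H:\i.cmd
MP_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\(?P<verb>\w+)\\'
    r'[Cc]ommand - "" = (?P<cmd>.+)$'
)
# First token of a command line, tolerating quoted paths with spaces.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|cmd|bat|vbs|js|pif|scr|com))"?', re.I)
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js", ".pif", ".scr", ".com")


def classify_mountpoint(cmd: str) -> Optional[str]:
    """Label a MountPoints2 autorun command, or None if it looks ordinary."""
    m = EXE_RE.match(cmd.strip())
    exe = (m.group("exe") if m else (cmd.split() or [cmd])[0]).lower()
    if exe.endswith(SCRIPT_EXT):
        return "autorun-script"          # i.cmd / ej10fkdo.bat: typical USB-worm residue
    if not re.match(r"^[a-z]:\\", exe):
        return "autorun-relative-path"   # resolved against whatever drive gets inserted
    if exe.count("\\") == 1:
        return "autorun-drive-root"      # setup.exe at the drive root: often a real CD, review
    return None


def looks_random(name: str) -> bool:
    """Heuristic (assumption of this example) for names like ~8o7DZORhtBWtPF."""
    stem = name.lstrip("~")
    if "." in stem or len(stem) < 10:
        return False
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    mixed_case = any(c.islower() for c in letters) and any(c.isupper() for c in letters)
    has_digit = any(c.isdigit() for c in stem)
    vowel_ratio = sum(c in "aeiouAEIOU" for c in letters) / len(letters)
    return (mixed_case or has_digit) and vowel_ratio < 0.25


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (label, raw line) findings in report order."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.rstrip()
        m = RUN_RE.match(line)
        if m:
            if m.group("missing"):           # autostart pointing at a deleted file
                findings.append(("orphaned-autostart", line))
            continue
        m = MP_RE.match(line)
        if m:
            label = classify_mountpoint(m.group("cmd"))
            if label:
                findings.append((label, line))
            continue
        m = FILE_RE.match(line)
        if m and "D" not in m.group("attrs"):  # files only, not directories
            name = m.group("path").rsplit("\\", 1)[-1]
            if looks_random(name):
                findings.append(("random-name-file", line))
    return findings


# Excerpt of the report above; the ExampleTray line is constructed as a benign control.
SAMPLE = r"""O4:64bit: - HKLM..\Run: [FirefaceTray] fireface.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\Shell\AutoRun\command - "" = ej10fkdo.bat
O33 - MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\Shell\open\Command - "" = H:\i.cmd
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell - "" = AutoRun
[2011.11.19 01:48:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\SysWow64\sqlite36_engine.dll
[2011.11.17 03:06:56 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPF
[2011.11.17 03:06:15 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8o7DZORhtBWtPF
[2010.06.24 07:02:45 | 000,000,048 | ---- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
[2009.12.13 23:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acronis
"""

if __name__ == "__main__":
    for label, line in triage(SAMPLE.splitlines()):
        print(f"{label:22} {line}")
```

The flagged lines are the ones a helper would carry into the `:OTL` block by hand; the benign control and the directory entry produce nothing.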

Bundeshase 21.03.2012 17:20

Hi Arne,

I use Windows XP 64-bit because this is a professional workstation - my music studio runs on this machine. For the programs I work with it is simply the most resource-efficient and most stable way to work... but also very vulnerable :). As for IE6... phew, I never use it, so I never updated it either... :D

Many, many thanks first of all!! I find the dedication on this site simply magnificent. After running the fix the system runs quite a bit faster again. Here is the log:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ .
64bit-Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FirefaceMixTray deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FirefaceTray deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1842288277-1471284191-759357367-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\ not found.
File H:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
File ej10fkdo.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{830fd1ae-d208-11dd-b41a-001838027a82}\ not found.
File ej10fkdo.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc11654-e986-11de-8a30-001838027a82}\ not found.
File H:\i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc11654-e986-11de-8a30-001838027a82}\ not found.
File H:\i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04714d7-327b-11de-b292-001838027a82}\ not found.
File i.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04714d7-327b-11de-b292-001838027a82}\ not found.
File i.cmd not found.
C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPF moved successfully.
C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPFr moved successfully.
C:\Documents and Settings\All Users\Application Data\8o7DZORhtBWtPF moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 250728851 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 473570 bytes
->Google Chrome cache emptied: 134263687 bytes
->Flash cache emptied: 3084855 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294060 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294060 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2168024 bytes
%systemroot%\System32 .tmp files removed: 4265 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 176027 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 97500617 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 466,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.1 log created on 03212012_171321

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 22.03.2012 11:25

Windows XP x64 isn't exactly widespread. Besides, all requirements should also be covered by the far better supported Vista or 7 x64, but oh well...

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the image below - click on change parameters and tick the boxes as shown in the following screenshot,
Then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer stores its logs.

Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
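
An added example (not part of the thread and not TDSSKiller's own code): a small Python triage script for the log cosinus asks for. It assumes the line layout TDSSKiller 2.7.x writes (timestamp, PID, then either a file record with an MD5 and a path, a `<name> - ok` verdict, or a `<name> ( <Verdict> ) - warning` line) and an operator-supplied allowlist of service names; the embedded sample is constructed in that layout. With the SigCheck option on, TDSSKiller reports drivers without a valid digital signature as `UnsignedFile.Multi.Generic`, which is why the advice is to "skip" rather than delete: the script pulls those warnings out of the noise, drops the ones the operator can vouch for by name, and hands back hash and path for the rest so they can be verified independently. Entries that share one MD5 (several services hosted by the same image) are grouped so a single verdict covers all of them.

```python
"""Triage a Kaspersky TDSSKiller text log.

Added example for this thread; it is not TDSSKiller code and not part of the
original posts. Assumed log format (the 2.7.x layout seen on this board):
each line is "HH:MM:SS.ffff PID <payload>", where payload is one of
    "<service>   (<md5>) <path>"               file record
    "<service> - ok"                           clean verdict
    "<service> ( <Verdict> ) - warning"        suspicious verdict
    "<service> - detected <Verdict> (<n>)"     detection summary (ignored here)
Lines that fit none of these (banner, SystemInfo, drive table) are skipped.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*?)\s*$")
FILE_REC = re.compile(r"^(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
WARN_REC = re.compile(r"^(.+?) \( (\S+) \) - warning$")
OK_REC = re.compile(r"^(.+?) - ok$")


@dataclass
class Entry:
    name: str                      # service / driver key name as TDSSKiller prints it
    md5: Optional[str] = None      # MD5 of the image on disk, lower-cased
    path: Optional[str] = None     # image path; None when no file record was printed
    verdicts: List[str] = field(default_factory=list)  # e.g. ["UnsignedFile.Multi.Generic"]


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Map service name -> Entry for every service the scan touched, in log order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        payload = m.group(1)
        f = FILE_REC.match(payload)
        if f:
            name, md5, path = f.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.lower(), path
            continue
        w = WARN_REC.match(payload)
        if w:
            name, verdict = w.groups()
            entries.setdefault(name, Entry(name)).verdicts.append(verdict)
            continue
        o = OK_REC.match(payload)
        if o:
            entries.setdefault(o.group(1), Entry(o.group(1)))
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Every entry TDSSKiller attached a verdict to."""
    return [e for e in entries.values() if e.verdicts]


def triage(entries: Dict[str, Entry], known_services: Iterable[str]) -> List[Entry]:
    """Flagged entries whose service name the operator could not vouch for.

    known_services is the operator's own allowlist (here: the names Bundeshase
    says he recognises). A name match is a weak check, so md5 and path are kept
    on the returned entries for independent verification of the image.
    """
    known = {k.lower() for k in known_services}
    return [e for e in flagged(entries) if e.name.lower() not in known]


def shared_binaries(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """md5 -> service names that point at the same image (lsass.exe hosts several)."""
    by_hash: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            by_hash.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


# Constructed sample in the format above: a handful of lines shaped like the
# entries in this thread's log, including three unsigned-driver warnings.
SAMPLE_LOG = r"""
11:40:09.0765 1800        Scan started
11:40:09.0765 1800        Mode: Manual; SigCheck; TDLFS;
11:40:14.0546 1800        fireface        (37b768e10a86f7c26f5d144b87e5170c) C:\WINDOWS\system32\drivers\fireface_64.sys
11:40:14.0546 1800        fireface ( UnsignedFile.Multi.Generic ) - warning
11:40:14.0546 1800        fireface - detected UnsignedFile.Multi.Generic (1)
11:40:14.0562 1800        Flpydisk        (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:40:14.0609 1800        Flpydisk - ok
11:40:15.0765 1800        i2omgmt - ok
11:40:20.0968 1800        Netlogon        (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:21.0015 1800        Netlogon - ok
11:40:23.0062 1800        NvnUsbAudio    (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
11:40:23.0109 1800        NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
11:40:26.0078 1800        SamSs          (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:26.0109 1800        SamSs - ok
11:40:26.0312 1800        SCR33x USB Smart Card Reader - ok
11:40:27.0953 1800        SynasUSB        (48156ccd87e8b2961d8d4ef4021f952f) C:\WINDOWS\syswow64\drivers\SynUSB64.sys
11:40:27.0984 1800        SynasUSB ( UnsignedFile.Multi.Generic ) - warning
"""

if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    for e in triage(entries, ["uguru", "fireface", "nvnusbaudio"]):
        print(f"REVIEW {e.name}: {e.verdicts} {e.md5} {e.path}")
```

Run against a real report (`parse_tdsskiller(open(path, encoding="utf-8", errors="replace").read())`), the only thing the allowlist changes is which warnings are printed; nothing is deleted, which is the same rule cosinus gives for the tool itself.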

Bundeshase 22.03.2012 11:41

Hi Arne,

here is the TDSS log (uguru, fireface and nvnusbaudio are programs/drivers I know and use; I'm not sure about the fourth one, though):


Code:

11:39:40.0687 3188        TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
11:39:41.0125 3188        ============================================================
11:39:41.0125 3188        Current date / time: 2012/03/22 11:39:41.0125
11:39:41.0125 3188        SystemInfo:
11:39:41.0125 3188       
11:39:41.0125 3188        OS Version: 5.2.3790 ServicePack: 2.0
11:39:41.0125 3188        Product type: Workstation
11:39:41.0125 3188        ComputerName: GREGSEN
11:39:41.0125 3188        UserName: Administrator
11:39:41.0125 3188        Windows directory: C:\WINDOWS
11:39:41.0125 3188        System windows directory: C:\WINDOWS
11:39:41.0125 3188        Running under WOW64
11:39:41.0125 3188        Processor architecture: Intel x64
11:39:41.0125 3188        Number of processors: 4
11:39:41.0125 3188        Page size: 0x1000
11:39:41.0125 3188        Boot type: Normal boot
11:39:41.0125 3188        ============================================================
11:39:42.0265 3188        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0296 3188        Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0312 3188        Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:39:42.0312 3188        Drive \Device\Harddisk3\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:39:42.0312 3188        \Device\Harddisk0\DR0:
11:39:42.0312 3188        MBR used
11:39:42.0312 3188        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
11:39:42.0312 3188        \Device\Harddisk1\DR1:
11:39:42.0312 3188        MBR used
11:39:42.0312 3188        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
11:39:42.0312 3188        \Device\Harddisk2\DR2:
11:39:42.0312 3188        MBR used
11:39:42.0312 3188        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:39:42.0312 3188        \Device\Harddisk3\DR6:
11:39:42.0312 3188        MBR used
11:39:42.0312 3188        \Device\Harddisk3\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:39:42.0687 3188        Initialize success
11:39:42.0687 3188        ============================================================
11:40:09.0765 1800        ============================================================
11:40:09.0765 1800        Scan started
11:40:09.0765 1800        Mode: Manual; SigCheck; TDLFS;
11:40:09.0765 1800        ============================================================
11:40:10.0125 1800        Abiosdsk - ok
11:40:10.0171 1800        ACPI            (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:40:10.0828 1800        ACPI - ok
11:40:10.0906 1800        ACPIEC          (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:40:10.0984 1800        ACPIEC - ok
11:40:11.0000 1800        adpu160m - ok
11:40:11.0000 1800        adpu320 - ok
11:40:11.0062 1800        aec            (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
11:40:11.0109 1800        aec - ok
11:40:11.0156 1800        AeLookupSvc    (ac7010dde9111a1c65d7391ada5c7257) C:\WINDOWS\System32\aelupsvc.dll
11:40:11.0203 1800        AeLookupSvc - ok
11:40:11.0265 1800        AFD            (886c37d055020d0d02c35ac5b84e76ab) C:\WINDOWS\System32\drivers\afd.sys
11:40:11.0281 1800        AFD - ok
11:40:11.0281 1800        aic78u2 - ok
11:40:11.0281 1800        aic78xx - ok
11:40:11.0296 1800        Alerter        (afa2cf7cb731ca177cccffffe5d88776) C:\WINDOWS\system32\alrsvc.dll
11:40:11.0328 1800        Alerter - ok
11:40:11.0343 1800        ALG            (2d21ff6d4cd30e679f1a294d5ba3d97b) C:\WINDOWS\System32\alg.exe
11:40:11.0375 1800        ALG - ok
11:40:11.0390 1800        AliIde - ok
11:40:11.0406 1800        AmdIde - ok
11:40:11.0421 1800        AppMgmt        (4f6b2de8bc199c542f174844bb64485a) C:\WINDOWS\System32\appmgmts.dll
11:40:11.0453 1800        AppMgmt - ok
11:40:11.0453 1800        arc - ok
11:40:11.0500 1800        Arp1394        (fda73c1ecd1ec4f366ff0ab85abf816d) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:40:11.0531 1800        Arp1394 - ok
11:40:11.0656 1800        aspnet_state    (f9f0f095586009e5da0c32e648aa99fa) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
11:40:11.0671 1800        aspnet_state - ok
11:40:11.0687 1800        AsyncMac        (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:40:11.0750 1800        AsyncMac - ok
11:40:11.0796 1800        atapi          (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:40:11.0828 1800        atapi - ok
11:40:11.0843 1800        Atdisk - ok
11:40:11.0859 1800        Atmarpc        (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:40:11.0890 1800        Atmarpc - ok
11:40:11.0937 1800        AudioSrv        (0da015ab1ee54988572cfc4b7644556a) C:\WINDOWS\System32\audiosrv.dll
11:40:11.0968 1800        AudioSrv - ok
11:40:12.0015 1800        audstub        (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:40:12.0046 1800        audstub - ok
11:40:12.0187 1800        AVP            (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
11:40:12.0187 1800        AVP - ok
11:40:12.0234 1800        Beep            (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
11:40:12.0296 1800        Beep - ok
11:40:12.0343 1800        BITS            (749c15323919984a6e08bad427d89936) C:\WINDOWS\system32\qmgr.dll
11:40:12.0468 1800        BITS - ok
11:40:12.0515 1800        Browser        (3a8e1df1a159df863af4e5b84019a2bc) C:\WINDOWS\System32\browser.dll
11:40:12.0562 1800        Browser - ok
11:40:12.0562 1800        BTCFilterService - ok
11:40:12.0609 1800        CdaC15BA        (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
11:40:12.0671 1800        CdaC15BA - ok
11:40:12.0671 1800        CdaD10BA        (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
11:40:12.0703 1800        CdaD10BA - ok
11:40:12.0750 1800        Cdfs            (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
11:40:12.0796 1800        Cdfs - ok
11:40:12.0843 1800        Cdrom          (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:40:12.0906 1800        Cdrom - ok
11:40:12.0906 1800        Changer - ok
11:40:12.0921 1800        CiSvc          (46c54f209031afa0f100d0703fc346da) C:\WINDOWS\system32\cisvc.exe
11:40:12.0968 1800        CiSvc - ok
11:40:12.0984 1800        ClipSrv        (74f11d0323666d9f615a2d3692590122) C:\WINDOWS\system32\clipsrv.exe
11:40:13.0015 1800        ClipSrv - ok
11:40:13.0093 1800        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:40:13.0093 1800        clr_optimization_v2.0.50727_32 - ok
11:40:13.0156 1800        clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:40:13.0171 1800        clr_optimization_v2.0.50727_64 - ok
11:40:13.0171 1800        CmdIde - ok
11:40:13.0187 1800        COMSysApp - ok
11:40:13.0187 1800        crcdisk        (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
11:40:13.0234 1800        crcdisk - ok
11:40:13.0265 1800        CryptSvc        (8b0b3744c60936acae31012799db3982) C:\WINDOWS\System32\cryptsvc.dll
11:40:13.0359 1800        CryptSvc - ok
11:40:13.0390 1800        DcomLaunch      (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
11:40:13.0468 1800        DcomLaunch - ok
11:40:13.0546 1800        Dhcp            (de4c841dda8d5800515a5ca908580a36) C:\WINDOWS\System32\dhcpcsvc.dll
11:40:13.0593 1800        Dhcp - ok
11:40:13.0640 1800        Disk            (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
11:40:13.0687 1800        Disk - ok
11:40:13.0687 1800        dmadmin - ok
11:40:13.0734 1800        dmboot          (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
11:40:13.0796 1800        dmboot - ok
11:40:13.0796 1800        dmio            (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
11:40:13.0843 1800        dmio - ok
11:40:13.0843 1800        dmload          (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
11:40:13.0906 1800        dmload - ok
11:40:13.0921 1800        dmserver        (76f7e7922f428be040f800920bb8ff3b) C:\WINDOWS\System32\dmserver.dll
11:40:13.0953 1800        dmserver - ok
11:40:14.0000 1800        Dnscache        (19c1612c4f5d828935d2270c7af13e6e) C:\WINDOWS\System32\dnsrslvr.dll
11:40:14.0031 1800        Dnscache - ok
11:40:14.0031 1800        dpti2o - ok
11:40:14.0046 1800        ERSvc          (b063a36e4e027a9dbe2b019ebbbeae86) C:\WINDOWS\System32\ersvc.dll
11:40:14.0093 1800        ERSvc - ok
11:40:14.0156 1800        Eventlog        (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
11:40:14.0171 1800        Eventlog - ok
11:40:14.0218 1800        EventSystem    (cdef30a1dcffcaf6a4e8b7812ae79c95) C:\WINDOWS\system32\es.dll
11:40:14.0234 1800        EventSystem - ok
11:40:14.0296 1800        Fastfat        (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
11:40:14.0343 1800        Fastfat - ok
11:40:14.0390 1800        Fdc            (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:40:14.0437 1800        Fdc - ok
11:40:14.0468 1800        Fips            (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
11:40:14.0500 1800        Fips - ok
11:40:14.0546 1800        fireface        (37b768e10a86f7c26f5d144b87e5170c) C:\WINDOWS\system32\drivers\fireface_64.sys
11:40:14.0546 1800        fireface ( UnsignedFile.Multi.Generic ) - warning
11:40:14.0546 1800        fireface - detected UnsignedFile.Multi.Generic (1)
11:40:14.0562 1800        Flpydisk        (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:40:14.0609 1800        Flpydisk - ok
11:40:14.0640 1800        FltMgr          (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:40:14.0671 1800        FltMgr - ok
11:40:14.0843 1800        FontCache3.0.0.0 (8a4dcd28d2be12946f6d5d308b0942a6) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
11:40:14.0843 1800        FontCache3.0.0.0 - ok
11:40:14.0875 1800        Fs_Rec          (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:40:14.0921 1800        Fs_Rec - ok
11:40:14.0937 1800        Ftdisk          (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:40:15.0000 1800        Ftdisk - ok
11:40:15.0015 1800        Gpc            (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:40:15.0046 1800        Gpc - ok
11:40:15.0156 1800        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:40:15.0171 1800        gupdate - ok
11:40:15.0218 1800        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:40:15.0234 1800        gupdatem - ok
11:40:15.0265 1800        hamachi - ok
11:40:15.0265 1800        Hamachi2Svc - ok
11:40:15.0312 1800        HDAudBus        (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:40:15.0343 1800        HDAudBus - ok
11:40:15.0406 1800        helpsvc        (40e274b64843813a81c42687592339d7) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:40:15.0453 1800        helpsvc - ok
11:40:15.0484 1800        HidServ        (9648ad494be12b39acc2db638e2340a0) C:\WINDOWS\System32\hidserv.dll
11:40:15.0531 1800        HidServ - ok
11:40:15.0578 1800        hidusb          (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:40:15.0609 1800        hidusb - ok
11:40:15.0656 1800        HTTP            (b54738df11d0e06072bf9c332db1d254) C:\WINDOWS\system32\Drivers\HTTP.sys
11:40:15.0687 1800        HTTP - ok
11:40:15.0718 1800        HTTPFilter      (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\System32\lsass.exe
11:40:15.0765 1800        HTTPFilter - ok
11:40:15.0765 1800        i2omgmt - ok
11:40:15.0828 1800        i8042prt        (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:40:15.0859 1800        i8042prt - ok
11:40:15.0906 1800        IASJet - ok
11:40:16.0046 1800        idsvc          (501cf65702d7f64c38db360f7eb07adc) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:40:16.0093 1800        idsvc - ok
11:40:16.0093 1800        iirsp - ok
11:40:16.0125 1800        imapi          (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:40:16.0187 1800        imapi - ok
11:40:16.0234 1800        ImapiService    (9014c144cd95eee1f5884664a4bfb4d8) C:\WINDOWS\system32\imapi.exe
11:40:16.0296 1800        ImapiService - ok
11:40:16.0500 1800        IntcAzAudAddService (fc000101e3d3aef951a57e8d32f0aed9) C:\WINDOWS\system32\drivers\RTKHDA64.SYS
11:40:16.0937 1800        IntcAzAudAddService - ok
11:40:16.0984 1800        IntelIde - ok
11:40:17.0031 1800        intelppm        (f8def5f83def3d1ee89bc851bfb6a886) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:40:17.0078 1800        intelppm - ok
11:40:17.0109 1800        Ip6Fw          (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:40:17.0171 1800        Ip6Fw - ok
11:40:17.0187 1800        IpFilterDriver  (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:40:17.0250 1800        IpFilterDriver - ok
11:40:17.0250 1800        IpInIp - ok
11:40:17.0265 1800        IpNat          (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:40:17.0328 1800        IpNat - ok
11:40:17.0375 1800        IPSec          (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:40:17.0500 1800        IPSec - ok
11:40:17.0531 1800        IRENUM          (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:40:17.0578 1800        IRENUM - ok
11:40:17.0625 1800        isapnp          (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:40:17.0671 1800        isapnp - ok
11:40:17.0781 1800        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files (x86)\Java\jre6\bin\jqs.exe
11:40:17.0796 1800        JavaQuickStarterService - ok
11:40:17.0828 1800        JRAID          (50b9060d11c4c2aaebacb2263972eff2) C:\WINDOWS\system32\DRIVERS\jraid.sys
11:40:17.0875 1800        JRAID - ok
11:40:17.0906 1800        Kbdclass        (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:40:17.0953 1800        Kbdclass - ok
11:40:18.0015 1800        KL1            (e656fe10d6d27794afa08136685a69e8) C:\WINDOWS\system32\DRIVERS\kl1.sys
11:40:18.0031 1800        KL1 - ok
11:40:18.0046 1800        kl2            (d865dd8b0448e3f963d68c04c532858f) C:\WINDOWS\system32\DRIVERS\kl2.sys
11:40:18.0062 1800        kl2 - ok
11:40:18.0093 1800        KLIF            (b86a9608c9e07caf205d44d53182e5f5) C:\WINDOWS\system32\DRIVERS\klif.sys
11:40:18.0109 1800        KLIF - ok
11:40:18.0171 1800        klim5          (bc18d092961889f4b9eb095721edfbdd) C:\WINDOWS\system32\DRIVERS\klim5.sys
11:40:18.0171 1800        klim5 - ok
11:40:18.0203 1800        klmouflt        (f34f151ac2400b82c2a314dbe8684661) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
11:40:18.0218 1800        klmouflt - ok
11:40:18.0265 1800        kmixer          (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
11:40:18.0312 1800        kmixer - ok
11:40:18.0359 1800        KORGUMDS        (a96473f1c76bb29849cb947c6c350445) C:\WINDOWS\system32\Drivers\KORGUM64.SYS
11:40:18.0359 1800        KORGUMDS - ok
11:40:18.0406 1800        KSecDD          (e9bc44a069593b8bfce33610a0196d6b) C:\WINDOWS\system32\drivers\KSecDD.sys
11:40:18.0406 1800        KSecDD - ok
11:40:18.0468 1800        ksthunk        (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
11:40:18.0515 1800        ksthunk - ok
11:40:18.0531 1800        L8042Kbd        (3fb80db5ec01b6153572d27438fbea20) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
11:40:18.0531 1800        L8042Kbd - ok
11:40:18.0562 1800        L8042mou        (d3693364aa9ac82fb0b78680bc7f423b) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
11:40:18.0562 1800        L8042mou - ok
11:40:18.0609 1800        lanmanserver    (4d8e9a805add244b5c511147a5d9bb8c) C:\WINDOWS\System32\srvsvc.dll
11:40:18.0625 1800        lanmanserver - ok
11:40:18.0671 1800        lanmanworkstation (bf4105d3eb357652a4ea73f170715acd) C:\WINDOWS\System32\wkssvc.dll
11:40:18.0703 1800        lanmanworkstation - ok
11:40:18.0703 1800        LBeepKE        (2c5f11ee4f699b9a5e464053c99bcd21) C:\WINDOWS\system32\Drivers\LBeepKE.sys
11:40:18.0718 1800        LBeepKE - ok
11:40:18.0781 1800        LBTServ        (3f98db70009e420c332f48891de39fba) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
11:40:18.0796 1800        LBTServ - ok
11:40:18.0828 1800        LHidFilt        (b45686101f9473b52d7a501c544dda5d) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:40:18.0843 1800        LHidFilt - ok
11:40:18.0890 1800        LmHosts        (80db42573f8ef6cbb6a7a0ff6966a352) C:\WINDOWS\System32\lmhsvc.dll
11:40:18.0937 1800        LmHosts - ok
11:40:18.0953 1800        LMouFilt        (9980bb086248ca45772eff2559aa62d3) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:40:18.0968 1800        LMouFilt - ok
11:40:18.0984 1800        LMouKE          (0d9eb835d2be6545dca23bf9bbfd437e) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
11:40:18.0984 1800        LMouKE - ok
11:40:19.0015 1800        LUsbFilt        (a1eb1db073972c7ce252daa3456bbbe7) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
11:40:19.0031 1800        LUsbFilt - ok
11:40:19.0046 1800        Messenger      (34ef8cbea95ef5108a1349fc22d87513) C:\WINDOWS\System32\msgsvc.dll
11:40:19.0093 1800        Messenger - ok
11:40:19.0140 1800        mnmdd          (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
11:40:19.0187 1800        mnmdd - ok
11:40:19.0187 1800        mnmsrvc - ok
11:40:19.0234 1800        Modem          (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
11:40:19.0281 1800        Modem - ok
11:40:19.0312 1800        motccgp - ok
11:40:19.0328 1800        motccgpfl - ok
11:40:19.0328 1800        motmodem - ok
11:40:19.0328 1800        MotoSwitchService - ok
11:40:19.0343 1800        Motousbnet - ok
11:40:19.0343 1800        motusbdevice - ok
11:40:19.0406 1800        Mouclass        (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:40:19.0437 1800        Mouclass - ok
11:40:19.0468 1800        mouhid          (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:40:19.0515 1800        mouhid - ok
11:40:19.0562 1800        MountMgr        (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
11:40:19.0609 1800        MountMgr - ok
11:40:19.0625 1800        mraid35x - ok
11:40:19.0656 1800        MRxDAV          (3d33208e5a7414d8633d34d24f119173) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:40:19.0671 1800        MRxDAV - ok
11:40:19.0750 1800        MRxSmb          (9385e695b33068b90cf419186ecaa3de) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:40:19.0796 1800        MRxSmb - ok
11:40:19.0843 1800        MSDTC          (d42976785ba169c2361f97cc6a20681f) C:\WINDOWS\system32\msdtc.exe
11:40:19.0859 1800        MSDTC - ok
11:40:19.0859 1800        Msfs            (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
11:40:19.0921 1800        Msfs - ok
11:40:19.0921 1800        MSIServer - ok
11:40:19.0953 1800        MSKSSRV        (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:40:20.0015 1800        MSKSSRV - ok
11:40:20.0046 1800        MSPCLOCK        (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:40:20.0078 1800        MSPCLOCK - ok
11:40:20.0093 1800        MSPQM          (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
11:40:20.0125 1800        MSPQM - ok
11:40:20.0171 1800        mssmbios        (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:40:20.0203 1800        mssmbios - ok
11:40:20.0250 1800        Mup            (5902c8e565fe346076786f43103ef02e) C:\WINDOWS\system32\drivers\Mup.sys
11:40:20.0281 1800        Mup - ok
11:40:20.0312 1800        NDIS            (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
11:40:20.0375 1800        NDIS - ok
11:40:20.0421 1800        NdisTapi        (389cfab53aa9807ea4536cb0b03609c3) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:40:20.0437 1800        NdisTapi - ok
11:40:20.0484 1800        Ndisuio        (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:40:20.0531 1800        Ndisuio - ok
11:40:20.0531 1800        NdisWan        (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:40:20.0578 1800        NdisWan - ok
11:40:20.0625 1800        NDProxy        (01b8acf7c9afa9005db6378077137bce) C:\WINDOWS\system32\drivers\NDProxy.sys
11:40:20.0640 1800        NDProxy - ok
11:40:20.0656 1800        NetBIOS        (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:40:20.0703 1800        NetBIOS - ok
11:40:20.0718 1800        NetBT          (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:40:20.0781 1800        NetBT - ok
11:40:20.0812 1800        NetDDE          (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
11:40:20.0875 1800        NetDDE - ok
11:40:20.0906 1800        NetDDEdsdm      (fb13279d8c89add5b0f7497c45bcf1c3) C:\WINDOWS\system32\netdde.exe
11:40:20.0937 1800        NetDDEdsdm - ok
11:40:20.0968 1800        Netlogon        (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:21.0015 1800        Netlogon - ok
11:40:21.0031 1800        Netman          (f28fd9dba68a85d6ee4225a83f127d2b) C:\WINDOWS\System32\netman.dll
11:40:21.0078 1800        Netman - ok
11:40:21.0218 1800        NetTcpPortSharing (8bc776595238ab62072aa6beb17ddf59) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:40:21.0218 1800        NetTcpPortSharing - ok
11:40:21.0250 1800        NIC1394        (dafc30299e872cd7ed3795ea0fa08f67) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:40:21.0296 1800        NIC1394 - ok
11:40:21.0359 1800        Nla            (ba13c3c32a69dc37653c9543e065950e) C:\WINDOWS\System32\mswsock.dll
11:40:21.0375 1800        Nla - ok
11:40:21.0421 1800        Npfs            (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
11:40:21.0484 1800        Npfs - ok
11:40:21.0531 1800        Ntfs            (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
11:40:21.0656 1800        Ntfs - ok
11:40:21.0687 1800        NtLmSsp        (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:21.0718 1800        NtLmSsp - ok
11:40:21.0750 1800        NtmsSvc        (a398462077f68a41b4dff9fb7e8fc7b8) C:\WINDOWS\system32\ntmssvc.dll
11:40:21.0843 1800        NtmsSvc - ok
11:40:21.0890 1800        Null            (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
11:40:21.0937 1800        Null - ok
11:40:22.0187 1800        nv              (feab08c326e11a23ab6fe87b3ced56fd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:40:22.0859 1800        nv - ok
11:40:23.0062 1800        NvnUsbAudio    (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
11:40:23.0109 1800        NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
11:40:23.0109 1800        NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
11:40:23.0203 1800        NVSvc          (c8a613978f184b15ae0ff2903e7f0930) C:\WINDOWS\system32\nvsvc64.exe
11:40:23.0281 1800        NVSvc - ok
11:40:23.0312 1800        nvUpdatusService - ok
11:40:23.0593 1800        odserv          (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:40:23.0609 1800        odserv - ok
11:40:23.0671 1800        ohci1394        (f8160ac8ae516a33221427c2353a7d12) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:40:23.0703 1800        ohci1394 - ok
11:40:23.0734 1800        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:40:23.0750 1800        ose - ok
11:40:23.0781 1800        Parport        (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\drivers\Parport.sys
11:40:23.0843 1800        Parport - ok
11:40:23.0875 1800        PartMgr        (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
11:40:23.0937 1800        PartMgr - ok
11:40:23.0953 1800        PCI            (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
11:40:24.0015 1800        PCI - ok
11:40:24.0031 1800        PCIIde          (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:40:24.0062 1800        PCIIde - ok
11:40:24.0093 1800        Pcmcia          (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:40:24.0156 1800        Pcmcia - ok
11:40:24.0156 1800        PDCOMP - ok
11:40:24.0171 1800        PDFRAME - ok
11:40:24.0171 1800        PDRELI - ok
11:40:24.0171 1800        PDRFRAME - ok
11:40:24.0234 1800        PlugPlay        (1e07ee3f50dff2fe9b0a9d196e82698f) C:\WINDOWS\system32\services.exe
11:40:24.0234 1800        PlugPlay - ok
11:40:24.0250 1800        PnkBstrA - ok
11:40:24.0296 1800        PolicyAgent    (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:24.0328 1800        PolicyAgent - ok
11:40:24.0375 1800        PptpMiniport    (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:40:24.0421 1800        PptpMiniport - ok
11:40:24.0421 1800        PQNTDrv - ok
11:40:24.0437 1800        ProtectedStorage (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:24.0468 1800        ProtectedStorage - ok
11:40:24.0500 1800        PSched          (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
11:40:24.0531 1800        PSched - ok
11:40:24.0531 1800        Ptilink        (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:40:24.0578 1800        Ptilink - ok
11:40:24.0640 1800        PxHlpa64        (a6bf0a9b5a30d743623ca0d3be35df05) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
11:40:24.0640 1800        PxHlpa64 - ok
11:40:24.0656 1800        RasAcd          (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:40:24.0687 1800        RasAcd - ok
11:40:24.0734 1800        RasAuto        (3f573d0c001b982c3180860366783bc0) C:\WINDOWS\System32\rasauto.dll
11:40:24.0796 1800        RasAuto - ok
11:40:24.0843 1800        Rasl2tp        (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:40:24.0890 1800        Rasl2tp - ok
11:40:24.0921 1800        RasMan          (47f7838f77a42f85c763899ab1b77d14) C:\WINDOWS\System32\rasmans.dll
11:40:24.0968 1800        RasMan - ok
11:40:24.0968 1800        RasPppoe        (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:40:25.0015 1800        RasPppoe - ok
11:40:25.0015 1800        Raspti          (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:40:25.0062 1800        Raspti - ok
11:40:25.0109 1800        Rdbss          (251a8b39645c5b3dc7dcbbd03a3140cb) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:40:25.0156 1800        Rdbss - ok
11:40:25.0171 1800        RDPCDD          (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:40:25.0218 1800        RDPCDD - ok
11:40:25.0265 1800        rdpdr          (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:40:25.0328 1800        rdpdr - ok
11:40:25.0390 1800        RDPWD          (e87df32229d27afbd9ea4efc70bd0daa) C:\WINDOWS\system32\drivers\RDPWD.sys
11:40:25.0421 1800        RDPWD - ok
11:40:25.0437 1800        RDSessMgr      (a72be0b07655141ab4eabecf0d66528a) C:\WINDOWS\system32\sessmgr.exe
11:40:25.0484 1800        RDSessMgr - ok
11:40:25.0531 1800        redbook        (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:40:25.0578 1800        redbook - ok
11:40:25.0609 1800        RemoteAccess    (60c8a5d4954cce7d280369dff5068019) C:\WINDOWS\System32\mprdim.dll
11:40:25.0656 1800        RemoteAccess - ok
11:40:25.0718 1800        RemoteRegistry  (b2d55ce8c7c946c625b687f75040ad3f) C:\WINDOWS\system32\regsvc.dll
11:40:25.0781 1800        RemoteRegistry - ok
11:40:25.0812 1800        RpcLocator      (809785cf7be1b857f3b52d9b1af10817) C:\WINDOWS\system32\locator.exe
11:40:25.0843 1800        RpcLocator - ok
11:40:25.0890 1800        RpcSs          (a6130365606f3d6332b014fc3da931aa) C:\WINDOWS\system32\rpcss.dll
11:40:25.0906 1800        RpcSs - ok
11:40:25.0968 1800        RTL8023x64      (548464910350423cc178c80bf9501c7a) C:\WINDOWS\system32\DRIVERS\Rtnic64.sys
11:40:26.0031 1800        RTL8023x64 - ok
11:40:26.0078 1800        SamSs          (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:40:26.0109 1800        SamSs - ok
11:40:26.0156 1800        SCardSvr        (a2069ffa2a6febb3818f180373c84a89) C:\WINDOWS\System32\SCardSvr.exe
11:40:26.0203 1800        SCardSvr - ok
11:40:26.0250 1800        Schedule        (71cd398385835c08613c65e5bf91e7fa) C:\WINDOWS\system32\schedsvc.dll
11:40:26.0296 1800        Schedule - ok
11:40:26.0312 1800        SCR33x USB Smart Card Reader - ok
11:40:26.0359 1800        Secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:40:26.0375 1800        Secdrv - ok
11:40:26.0390 1800        seclogon        (b4e054549321372d995e4db9a5304e77) C:\WINDOWS\System32\seclogon.dll
11:40:26.0421 1800        seclogon - ok
11:40:26.0453 1800        SENS            (222c0a6c354d6a90700956c60574a09a) C:\WINDOWS\system32\sens.dll
11:40:26.0500 1800        SENS - ok
11:40:26.0546 1800        Serial          (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\drivers\Serial.sys
11:40:26.0593 1800        Serial - ok
11:40:26.0625 1800        Sfloppy        (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:40:26.0656 1800        Sfloppy - ok
11:40:26.0703 1800        SharedAccess    (d71a8153d3cf0ed527f6ba1f087faa22) C:\WINDOWS\system32\ipnathlp.dll
11:40:26.0796 1800        SharedAccess - ok
11:40:26.0828 1800        ShellHWDetection (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
11:40:26.0859 1800        ShellHWDetection - ok
11:40:26.0859 1800        Simbad - ok
11:40:26.0906 1800        splitter        (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
11:40:26.0937 1800        splitter - ok
11:40:26.0984 1800        Spooler        (206fd327b4aad3aeaa8e0d7d03f2044a) C:\WINDOWS\system32\spoolsv.exe
11:40:27.0000 1800        Spooler - ok
11:40:27.0062 1800        sr              (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
11:40:27.0093 1800        sr - ok
11:40:27.0140 1800        srservice      (7b6da719973755bd091131e53ad6ec23) C:\WINDOWS\system32\srsvc.dll
11:40:27.0187 1800        srservice - ok
11:40:27.0234 1800        Srv            (2a08328562d0ba596b699eeb90b511d1) C:\WINDOWS\system32\DRIVERS\srv.sys
11:40:27.0250 1800        Srv - ok
11:40:27.0265 1800        SSDPSRV        (94ad81c8ee2385eddb08c7e34fedb7a8) C:\WINDOWS\System32\ssdpsrv.dll
11:40:27.0296 1800        SSDPSRV - ok
11:40:27.0296 1800        STC2DFU - ok
11:40:27.0328 1800        stisvc          (f6d4f452db507820f726525a1425f0cc) C:\WINDOWS\system32\wiaservc.dll
11:40:27.0500 1800        stisvc - ok
11:40:27.0625 1800        swenum          (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:40:27.0656 1800        swenum - ok
11:40:27.0703 1800        swmidi          (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
11:40:27.0750 1800        swmidi - ok
11:40:27.0781 1800        swprv          (2e54746998139cb708b83974f1ac09f3) C:\WINDOWS\System32\swprv.dll
11:40:27.0859 1800        swprv - ok
11:40:27.0875 1800        symc8xx - ok
11:40:27.0875 1800        symmpi - ok
11:40:27.0875 1800        sym_hi - ok
11:40:27.0890 1800        sym_u3 - ok
11:40:27.0953 1800        SynasUSB        (48156ccd87e8b2961d8d4ef4021f952f) C:\WINDOWS\syswow64\drivers\SynUSB64.sys
11:40:27.0984 1800        SynasUSB ( UnsignedFile.Multi.Generic ) - warning
11:40:27.0984 1800        SynasUSB - detected UnsignedFile.Multi.Generic (1)
11:40:28.0031 1800        sysaudio        (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
11:40:28.0078 1800        sysaudio - ok
11:40:28.0109 1800        SysmonLog      (d3fffea8c94ba3c1ceac9694ac390472) C:\WINDOWS\system32\smlogsvc.exe
11:40:28.0156 1800        SysmonLog - ok
11:40:28.0187 1800        TapiSrv        (fafefc85fc929b81571bff315c93e299) C:\WINDOWS\System32\tapisrv.dll
11:40:28.0234 1800        TapiSrv - ok
11:40:28.0281 1800        Tcpip          (34d970b38e9e835009e1ad07c5422b58) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:40:28.0343 1800        Tcpip - ok
11:40:28.0375 1800        TDPIPE          (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:40:28.0437 1800        TDPIPE - ok
11:40:28.0468 1800        TDTCP          (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
11:40:28.0515 1800        TDTCP - ok
11:40:28.0562 1800        TermDD          (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:40:28.0609 1800        TermDD - ok
11:40:28.0625 1800        TermService    (f4849a4962779132b02ca4bbf696f434) C:\WINDOWS\System32\termsrv.dll
11:40:28.0687 1800        TermService - ok
11:40:28.0734 1800        Themes          (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
11:40:28.0750 1800        Themes - ok
11:40:28.0781 1800        TlntSvr        (0fdf294d30ca53391485132854151b26) C:\WINDOWS\system32\tlntsvr.exe
11:40:28.0812 1800        TlntSvr - ok
11:40:28.0828 1800        TosIde - ok
11:40:28.0875 1800        TrkWks          (483ffcd8e5080198d87eeed44246e6a9) C:\WINDOWS\system32\trkwks.dll
11:40:28.0921 1800        TrkWks - ok
11:40:28.0968 1800        TuneUp.Defrag  (4b858c3960076ce0c2bd154612be1ef8) C:\WINDOWS\System32\TuneUpDefragService.exe
11:40:28.0984 1800        TuneUp.Defrag - ok
11:40:29.0000 1800        Udfs            (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
11:40:29.0046 1800        Udfs - ok
11:40:29.0093 1800        UGURU          (580641196846b0f594f675c07faad2bc) C:\WINDOWS\system32\drivers\uGuru.sys
11:40:29.0109 1800        UGURU ( UnsignedFile.Multi.Generic ) - warning
11:40:29.0109 1800        UGURU - detected UnsignedFile.Multi.Generic (1)
11:40:29.0109 1800        ultra - ok
11:40:29.0140 1800        UMWdf          (c306cea0f1477240a5d9a7e61db2f3e1) C:\WINDOWS\system32\wdfmgr.exe
11:40:29.0171 1800        UMWdf - ok
11:40:29.0203 1800        Update          (1446762923434d2a9c315325cf4770c8) C:\WINDOWS\system32\DRIVERS\update.sys
11:40:29.0218 1800        Update - ok
11:40:29.0265 1800        upnphost        (78c605cb6e0ce966d3347ff7caf3f8ac) C:\WINDOWS\System32\upnphost.dll
11:40:29.0296 1800        upnphost - ok
11:40:29.0328 1800        UPS            (3ec1501aa03cecd66ed093428fbc8b0e) C:\WINDOWS\System32\ups.exe
11:40:29.0375 1800        UPS - ok
11:40:29.0406 1800        usbaudio        (88354ba123549c6b0016592866063837) C:\WINDOWS\system32\drivers\usbaudio.sys
11:40:29.0437 1800        usbaudio - ok
11:40:29.0453 1800        usbccgp        (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:40:29.0500 1800        usbccgp - ok
11:40:29.0546 1800        USBCCID        (a83d36d8bdd4c15ff7792642dfde4bd3) C:\WINDOWS\system32\DRIVERS\usbccid.sys
11:40:29.0593 1800        USBCCID - ok
11:40:29.0640 1800        usbehci        (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:40:29.0703 1800        usbehci - ok
11:40:29.0734 1800        usbhub          (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:40:29.0781 1800        usbhub - ok
11:40:29.0812 1800        usbscan        (280894f834f5b9910dadff7568f37b31) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:40:29.0843 1800        usbscan - ok
11:40:29.0875 1800        USBSTOR        (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:40:29.0906 1800        USBSTOR - ok
11:40:29.0921 1800        usbuhci        (4b7b4a2cc997c482a0aa7ca663af62a0) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:40:29.0968 1800        usbuhci - ok
11:40:30.0000 1800        UxTuneUp        (7f760efb9bbc5f8ac223d35dcdc35098) C:\WINDOWS\System32\uxtuneup.dll
11:40:30.0015 1800        UxTuneUp - ok
11:40:30.0062 1800        vds            (b1e327aea4ecf42ddf7c579b0fb0de4c) C:\WINDOWS\System32\vds.exe
11:40:30.0156 1800        vds - ok
11:40:30.0203 1800        vga            (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
11:40:30.0250 1800        vga - ok
11:40:30.0296 1800        VgaSave        (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
11:40:30.0328 1800        VgaSave - ok
11:40:30.0343 1800        ViaIde - ok
11:40:30.0390 1800        VolSnap        (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
11:40:30.0421 1800        VolSnap - ok
11:40:30.0484 1800        VSS            (0a05de966b412d6289632ac05fc6ada2) C:\WINDOWS\System32\vssvc.exe
11:40:30.0578 1800        VSS - ok
11:40:30.0640 1800        W32Time        (6fe371026674baf189f7a81746a67c87) C:\WINDOWS\system32\w32time.dll
11:40:30.0687 1800        W32Time - ok
11:40:30.0750 1800        Wanarp          (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:40:30.0796 1800        Wanarp - ok
11:40:30.0843 1800        Wdf01000        (92090a7bb3b37b534c4193238d120696) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:40:30.0890 1800        Wdf01000 - ok
11:40:30.0890 1800        WDICA - ok
11:40:30.0953 1800        wdmaud          (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
11:40:31.0000 1800        wdmaud - ok
11:40:31.0046 1800        WebClient      (fe8590fa0367a29bc7ed7bfc4962ad1c) C:\WINDOWS\System32\webclnt.dll
11:40:31.0078 1800        WebClient - ok
11:40:31.0109 1800        WinHttpAutoProxySvc - ok
11:40:31.0156 1800        winmgmt        (881271d649e778690a365d73b8958509) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:40:31.0218 1800        winmgmt - ok
11:40:31.0328 1800        wlidsvc        (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:40:31.0609 1800        wlidsvc - ok
11:40:31.0859 1800        WmdmPmSN        (4d32f7bdbf325792ae28d5380ddf6bcf) C:\WINDOWS\SysWOW64\mspmsnsv.dll
11:40:31.0921 1800        WmdmPmSN - ok
11:40:31.0984 1800        Wmi            (b51966db20d5c700228dfe222fdf9e67) C:\WINDOWS\System32\advapi32.dll
11:40:32.0062 1800        Wmi - ok
11:40:32.0093 1800        WmiApSrv        (56980be8b5a6861b5d9175eaba8ac7dc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:40:32.0156 1800        WmiApSrv - ok
11:40:32.0218 1800        WpdUsb          (4a59d22b86edf8306810fa10c58368c7) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:40:32.0265 1800        WpdUsb - ok
11:40:32.0312 1800        wscsvc          (82960ce97c1898c28d7ae62ba6721d27) C:\WINDOWS\system32\wscsvc.dll
11:40:32.0343 1800        wscsvc - ok
11:40:32.0359 1800        wuauserv        (ef7576af44b484f7a3e6072d633bab34) C:\WINDOWS\system32\wuauserv.dll
11:40:32.0406 1800        wuauserv - ok
11:40:32.0562 1800        WZCSVC          (f4ec5c736bba9a27f9c36412c930b386) C:\WINDOWS\System32\wzcsvc.dll
11:40:32.0625 1800        WZCSVC - ok
11:40:32.0656 1800        xmlprov        (a1aba5a0b4f1ff9b83c50f92f8c080a2) C:\WINDOWS\System32\xmlprov.dll
11:40:32.0718 1800        xmlprov - ok
11:40:32.0781 1800        xusb21          (9176c0822faa649e45121875be32f5d2) C:\WINDOWS\system32\DRIVERS\xusb21.sys
11:40:32.0781 1800        xusb21 - ok
11:40:32.0796 1800        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:40:33.0046 1800        \Device\Harddisk0\DR0 - ok
11:40:33.0078 1800        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:40:33.0125 1800        \Device\Harddisk1\DR1 - ok
11:40:33.0125 1800        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
11:40:33.0171 1800        \Device\Harddisk2\DR2 - ok
11:40:33.0171 1800        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR6
11:40:33.0781 1800        \Device\Harddisk3\DR6 - ok
11:40:33.0781 1800        Boot (0x1200)  (303956f4b7d031e2ab50e9091c03fdae) \Device\Harddisk0\DR0\Partition0
11:40:33.0781 1800        \Device\Harddisk0\DR0\Partition0 - ok
11:40:33.0781 1800        Boot (0x1200)  (eec7c32bed8c61244fa2ee05b1990b56) \Device\Harddisk1\DR1\Partition0
11:40:33.0781 1800        \Device\Harddisk1\DR1\Partition0 - ok
11:40:33.0781 1800        Boot (0x1200)  (92aa6e58bdf76968c27ba8f6b6318ede) \Device\Harddisk2\DR2\Partition0
11:40:33.0781 1800        \Device\Harddisk2\DR2\Partition0 - ok
11:40:33.0781 1800        Boot (0x1200)  (d91824221575654b1eaca7f31b4e6e8f) \Device\Harddisk3\DR6\Partition0
11:40:33.0781 1800        \Device\Harddisk3\DR6\Partition0 - ok
11:40:33.0796 1800        ============================================================
11:40:33.0796 1800        Scan finished
11:40:33.0796 1800        ============================================================
11:40:33.0890 2928        Detected object count: 4
11:40:33.0890 2928        Actual detected object count: 4
11:40:48.0156 2928        fireface ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928        fireface ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928        NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928        NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928        SynasUSB ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928        SynasUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:48.0156 2928        UGURU ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:48.0156 2928        UGURU ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:55.0296 3920        Deinitialize success
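As an added illustration of reading a TDSSKiller log like the one posted above (example code written for this page, not part of the original thread or of Kaspersky's tooling): it joins each object line (name, MD5, path) to its verdict lines, lists what was flagged and whether the user skipped it, checks the declared object count against the detected entries, and compares the MBR hashes across disks. The sample lines are constructed in the same layout; the regexes and field names are assumptions about that layout.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the TDSSKiller layout used in this thread: timestamp,
# thread id, then either an object line "name (md5) path" or a verdict line
# "name [( heuristic )] - status". Values are made up for the example.
SAMPLE_LOG = r"""
11:40:27.0953 1800        SynasUSB        (48156ccd87e8b2961d8d4ef4021f952f) C:\WINDOWS\syswow64\drivers\SynUSB64.sys
11:40:27.0984 1800        SynasUSB ( UnsignedFile.Multi.Generic ) - warning
11:40:27.0984 1800        SynasUSB - detected UnsignedFile.Multi.Generic (1)
11:40:28.0031 1800        sysaudio        (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
11:40:28.0078 1800        sysaudio - ok
11:40:28.0828 1800        TosIde - ok
11:40:32.0796 1800        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:40:33.0046 1800        \Device\Harddisk0\DR0 - ok
11:40:33.0125 1800        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
11:40:33.0171 1800        \Device\Harddisk2\DR2 - ok
11:40:33.0796 1800        Scan finished
11:40:33.0890 2928        Detected object count: 1
11:40:48.0156 2928        SynasUSB ( UnsignedFile.Multi.Generic ) - skipped by user
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<body>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+?) \))? - (?P<status>.+)$")
COUNT_RE = re.compile(r"^Detected object count:\s*(?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: list = field(default_factory=list)   # heuristic names, e.g. UnsignedFile.Multi.Generic
    statuses: list = field(default_factory=list)   # ok / warning / detected ... / skipped by user


def parse_tdsskiller_log(text: str):
    """Return (objects, declared_count). Verdict lines are joined to their
    object line by name, or by device path for MBR/boot-sector entries."""
    objects, by_name, by_path = [], {}, {}
    declared = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m["body"].strip()
        if (c := COUNT_RE.match(body)):
            declared = int(c["n"])
        elif (o := OBJECT_RE.match(body)):
            obj = ScanObject(o["name"], o["md5"], o["path"])
            objects.append(obj)
            by_name[obj.name] = obj
            by_path[obj.path] = obj
        elif (v := VERDICT_RE.match(body)):
            obj = by_path.get(v["name"]) or by_name.get(v["name"])
            if obj is None:              # status line without a preceding object line
                obj = ScanObject(v["name"])
                objects.append(obj)
                by_name[obj.name] = obj
            if v["verdict"]:
                obj.verdicts.append(v["verdict"])
            obj.statuses.append(v["status"])
    return objects, declared


def triage(objects, declared):
    """Summarise what a reviewer wants to see first: detections, which of them
    the user skipped, whether the count line matches, and MBR hash agreement."""
    detected = {o.name: o for o in objects
                if any(s.startswith("detected ") for s in o.statuses)}
    mbr = {o.path: o.md5 for o in objects if o.name.startswith("MBR")}
    return {
        "detected": sorted(detected),
        "skipped_by_user": sorted(n for n, o in detected.items()
                                  if any("skipped" in s for s in o.statuses)),
        "count_consistent": declared == len(detected),
        "unsigned_paths": {n: o.path for n, o in detected.items()
                           if "UnsignedFile.Multi.Generic" in o.verdicts},
        "mbr_md5": mbr,
        "mbr_identical": len(set(mbr.values())) <= 1,
    }


if __name__ == "__main__":
    objs, n = parse_tdsskiller_log(SAMPLE_LOG)
    for key, value in triage(objs, n).items():
        print(f"{key}: {value}")
```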


cosinus 22.03.2012 13:01

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your reply ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Bundeshase 22.03.2012 14:40

Hi Arne, unfortunately ComboFix does not support Windows XP 64-bit...we'll probably need another solution :(

cosinus 22.03.2012 15:38

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (Should your firewall ask, please allow internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: under no circumstances press any of the Fix buttons without instruction. Note: should the Scan button be greyed out, close the tool and start it again. If it still does not work, please let me know.

Bundeshase 22.03.2012 16:15

Here is the log:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-22 15:43:10
-----------------------------
15:43:10.015 OS Version: Windows x64 5.2.3790 Service Pack 2
15:43:10.015 Number of processors: 4 586 0x1707
15:43:10.015 ComputerName: GREGSEN UserName:
15:43:11.562 Initialize success
15:45:03.859 AVAST engine defs: 12032000
15:45:09.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:45:09.593 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
15:45:09.593 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
15:45:09.593 Disk 1 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
15:45:09.609 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-2d
15:45:09.609 Disk 2 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
15:45:09.625 Disk 0 MBR read successfully
15:45:09.625 Disk 0 MBR scan
15:45:09.750 Disk 0 Windows XP default MBR code
15:45:09.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
15:45:09.843 Disk 0 scanning C:\WINDOWS\system32\drivers
15:45:17.546 Service scanning
15:45:31.500 Modules scanning
15:45:31.500 Disk 0 trace - called modules:
15:45:31.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
15:45:31.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadf37f0f060]
15:45:31.500 3 CLASSPNP.SYS[fffffadf295c58c9] -> nt!IofCallDriver -> \Device\0000006f[0xfffffadf38e14e60]
15:45:31.500 5 ACPI.sys[fffffadf297a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0xfffffadf38fd3a40]
15:45:32.156 AVAST engine scan C:\WINDOWS
15:45:49.343 AVAST engine scan C:\WINDOWS\system32
15:47:47.515 AVAST engine scan C:\WINDOWS\system32\drivers
15:47:58.187 AVAST engine scan C:\Documents and Settings\Administrator
15:52:24.843 File: C:\Documents and Settings\Administrator\My Documents\Downloads\CryptLoad\ocr\megaupload.com\AntiCaptcha\megafree.exe **INFECTED** Win32:Spyware-gen [Spy]
15:58:57.281 AVAST engine scan C:\Documents and Settings\All Users
16:03:13.968 Scan finished successfully
16:14:33.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:14:33.187 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

cosinus 22.03.2012 16:29

Quote:

C:\Documents and Settings\Administrator\My Documents\Downloads\CryptLoad\ocr\megaupload.com\AntiCaptcha\megafree.exe **INFECTED** Win32:Spyware-gen [Spy]
Where did you get that thing from? :balla:

Bundeshase 22.03.2012 16:30

...I never downloaded it O_o I don't even know what that is!

cosinus 22.03.2012 16:32

Please delete the folder \CryptLoad in C:\Documents and Settings\Administrator\My Documents\Downloads

Then make a new log with aswMBR

Bundeshase 22.03.2012 17:05

Hi Arne, here is the new log:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-22 16:37:55
-----------------------------
16:37:55.062 OS Version: Windows x64 5.2.3790 Service Pack 2
16:37:55.062 Number of processors: 4 586 0x1707
16:37:55.062 ComputerName: GREGSEN UserName:
16:37:56.640 Initialize success
16:40:45.156 AVAST engine defs: 12032000
16:42:13.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:42:13.781 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:42:13.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
16:42:13.781 Disk 1 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:42:13.781 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-2d
16:42:13.781 Disk 2 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
16:42:13.796 Disk 0 MBR read successfully
16:42:13.796 Disk 0 MBR scan
16:42:13.843 Disk 0 Windows XP default MBR code
16:42:13.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
16:42:13.906 Disk 0 scanning C:\WINDOWS\system32\drivers
16:42:24.562 Service scanning
16:42:37.203 Modules scanning
16:42:37.203 Disk 0 trace - called modules:
16:42:37.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS hal.dll
16:42:37.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadf37f0f060]
16:42:37.234 3 CLASSPNP.SYS[fffffadf295c58c9] -> nt!IofCallDriver -> \Device\0000006f[0xfffffadf38e14e60]
16:42:37.234 5 ACPI.sys[fffffadf297a9e69] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0xfffffadf38fd3a40]
16:42:38.078 AVAST engine scan C:\WINDOWS
16:42:49.687 AVAST engine scan C:\WINDOWS\system32
16:44:58.296 AVAST engine scan C:\WINDOWS\system32\drivers
16:45:07.812 AVAST engine scan C:\Documents and Settings\Administrator
16:54:03.625 AVAST engine scan C:\Documents and Settings\All Users
16:57:34.437 Scan finished successfully
17:04:57.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
17:04:57.875 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
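The aswMBR instructions above ask for a log, and the two runs posted afterwards differ only in the **INFECTED** line that disappeared after the folder was deleted. As an added example (written for this page, not part of the thread or of AVAST's tool), this parses what a reviewer checks in such a log (MBR code verdict per disk, partition table, flagged files, completion) and compares a before and after run; the two excerpts are constructed in the same layout with made-up paths and threat names, and the regexes are assumptions about that layout.

```python
import re

# Two constructed aswMBR excerpts (same layout as the logs in this thread; the
# path and threat name are made up): the first run reports one infected file,
# the second run after the cleanup reports none.
RUN_BEFORE = r"""
15:45:09.625 Disk 0 MBR read successfully
15:45:09.750 Disk 0 Windows XP default MBR code
15:45:09.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
15:45:31.500 Disk 0 trace - called modules:
15:52:24.843 File: C:\Documents and Settings\User\Downloads\example\tool.exe **INFECTED** Win32:Example-gen [Spy]
16:03:13.968 Scan finished successfully
"""
RUN_AFTER = r"""
16:42:13.796 Disk 0 MBR read successfully
16:42:13.843 Disk 0 Windows XP default MBR code
16:42:13.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
16:57:34.437 Scan finished successfully
"""

TIME_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (?P<body>.*)$")
MBR_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<verdict>.+MBR code)$")
PART_RE = re.compile(r"^Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-Fa-f]{2}) "
                     r"\((?P<flag>\w)\) (?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) "
                     r"(?P<size>\d+) MB offset (?P<offset>\d+)$")
INFECTED_RE = re.compile(r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<threat>.+)$")


def parse_aswmbr(text: str) -> dict:
    """Pull out the facts a reviewer checks in an aswMBR log: the MBR code
    verdict per disk, the partition table, flagged files, and completion."""
    result = {"mbr": {}, "partitions": [], "infected": {}, "finished": False}
    for raw in text.splitlines():
        m = TIME_RE.match(raw)
        if not m:
            continue
        body = m["body"].strip()
        if (x := MBR_RE.match(body)):
            result["mbr"][int(x["disk"])] = x["verdict"]
        elif (x := PART_RE.match(body)):
            result["partitions"].append({
                "disk": int(x["disk"]), "index": int(x["idx"]),
                "active": x["boot"].lower() == "80",   # 0x80 = bootable flag
                "type": x["type"], "size_mb": int(x["size"]),
                "offset": int(x["offset"]),
            })
        elif (x := INFECTED_RE.match(body)):
            result["infected"][x["path"]] = x["threat"]
        elif body == "Scan finished successfully":
            result["finished"] = True
    return result


def compare_runs(before: dict, after: dict) -> dict:
    """Check that a re-scan after cleanup removed the findings without the
    MBR verdict or partition layout changing underneath."""
    return {
        "removed": sorted(set(before["infected"]) - set(after["infected"])),
        "new": sorted(set(after["infected"]) - set(before["infected"])),
        "mbr_changed": before["mbr"] != after["mbr"],
        "partitions_changed": before["partitions"] != after["partitions"],
        "both_finished": before["finished"] and after["finished"],
    }


if __name__ == "__main__":
    for key, value in compare_runs(parse_aswmbr(RUN_BEFORE), parse_aswmbr(RUN_AFTER)).items():
        print(f"{key}: {value}")
```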

cosinus 23.03.2012 20:42

Looks ok. Please run full scans with Malwarebytes and SASW as a check and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting an additional opinion via the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Bundeshase 24.03.2012 17:11

Hello Arne,

super, a thousand thanks. Here are the full-scan logs from Malwarebytes, SuperAntiSpyware and ESET:


Malwarebytes:


Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.23.05

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GREGSEN [Administrator]

24.03.2012 11:56:25
mbam-log-2012-03-24 (13-13-17).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 580111
Laufzeit: 1 Stunde(n), 12 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

(Ende)


SASW:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/24/2012 at 03:52 AM

Application Version : 5.0.1146

Core Rules Database Version : 8376
Trace Rules Database Version: 6188

Scan type : Complete Scan
Total Scan Time : 03:21:52

Operating System Information
Windows XP Professional 64-bit, Service Pack 2 (Build 5.02.3790)
Administrator

Memory items scanned : 367
Memory threats detected : 0
Registry items scanned : 65153
Registry threats detected : 1
File items scanned : 454056
File threats detected : 1

Disabled.SecurityCenterOption
(x64) HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY


Trojan.Agent/Gen
C:\PROGRAM FILES (X86)\DAWN OF WAR\PATCH\LOBBYROOMS.LUA



ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77f868b0b0ef86439fed1a800ffabf5c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-24 03:49:01
# local_time=2012-03-24 04:49:01 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.2.3790 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777191 100 0 347743 347743 0 0
# compatibility_mode=8192 67108863 100 0 3798 3798 0 0
# scanned=453568
# found=3
# cleaned=0
# scan_time=12625
C:\Documents and Settings\Administrator\My Documents\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
D:\Program Files (x86)\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
I:\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I

cosinus 24.03.2012 18:54

Quote:

Trojan.Agent/Gen
C:\PROGRAM FILES (X86)\DAWN OF WAR\PATCH\LOBBYROOMS.LUA
What is the source of that?

Bundeshase 24.03.2012 19:10

Hi Arne,

as far as I can tell it is a perfectly normal file that belongs to the game "Dawn of War" - I play it now and then. Doesn't look suspicious to me...what do you think?

cosinus 24.03.2012 19:21

And how does that answer my question?

Bundeshase 24.03.2012 19:28

maybe I didn't understand you correctly...do you mean which program flagged this file path? That's stated right there - SuperAntiSpyware..

cosinus 24.03.2012 19:39

Just read my question again :pfeiff:

Bundeshase 24.03.2012 19:42

at the risk of embarrassing myself...even after reading it ten times I don't understand your question :D What do you mean by "from which source"?

cosinus 24.03.2012 19:43

Think about what a source is! Where did you get this file from!

Bundeshase 24.03.2012 19:46

where I got the file from? I already answered that in the previous post...it got onto my computer through the installation of the "Dawn of War" game CD...at least I assume so...

cosinus 24.03.2012 20:00

Well, you only told that more or less indirectly; the file could also come from somewhere else. If it really is from the CD, it's a false positive

How is your 64-bit XP machine doing? Any problems left?

Bundeshase 24.03.2012 20:10

Yes, I can definitely confirm that the file comes from the CD - at least it is installed by the setup.exe. Whether it was ever overwritten by a malicious program I cannot say for sure, but it's unlikely.

So far everything is running okay on my system, I cannot detect any further impairment. I'm currently making a backup of the partition in case it doesn't go so smoothly next time - that was a lesson to me! Thanks again!

cosinus 25.03.2012 14:02

Then we're done! :abklatsch:

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages with that.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep better track of whether installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security you should also change all passwords if possible now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.



Copyright ©2000-2024, Trojaner-Board

