Trojaner-Board

Log-Analyse und Auswertung (log analysis and evaluation): HELP for PC DUMMY---WIN32/Obfuscator.ZU and WIN32/ShopperReports
https://www.trojaner-board.de/120007-hilfe-pc-dummie-win32-obfuscator-win32-shopperreports.html

cosinus 30.07.2012 20:51

By paying attention to what software you install and what source it comes from, e.g. keep your hands off softonic! Software should be downloaded, as the top priority, directly from the vendor and not from that crappy platform Softonic!

And for future program installations, always select the custom install option so that you can deselect any bundled toolbars during installation.
While you are at it, also uninstall all other unnecessary programs via the Control Panel.


adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S2].txt.

Vronile 31.07.2012 06:27

Code:

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 07:17:34
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Vroni - VRONI-PC
# Running from : C:\Users\Vroni\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Vroni\AppData\LocalLow\boost_interprocess

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\prefs.js

Deleted : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8,{635abd67-4fe9-1[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4964 octets] - [26/07/2012 18:07:38]
AdwCleaner[S1].txt - [5251 octets] - [28/07/2012 17:17:59]
AdwCleaner[R2].txt - [1266 octets] - [30/07/2012 19:54:05]
AdwCleaner[S2].txt - [1201 octets] - [31/07/2012 07:17:34]

########## EOF - C:\AdwCleaner[S2].txt - [1329 octets] ##########

The desktop window still appears at startup and all desktop icons are gone. Only when I close this window do the Sidebar and Microsoft S.E. start.
And when I set Show desktop icons to (off) and then (on) again, they reappear, and after a while they are gone again?!

cosinus 31.07.2012 11:06

Ok, I need a fresh OTL log again, as described above.
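As an added example that is not part of this thread and not code from the OTL tool: a small Python triage script for the autostart lines a helper reads first in an OTL log like the one posted in the next reply (O4 Run entries, the F3 Winlogon "Load" value, O20 Shell/UserInit, O33 MountPoints2 AutoRun commands). The section-tag meanings are OTL's own conventions; the severity rules are this example's heuristics, not OTL's. The sample lines in SAMPLE are copied from the log below; the lines in TAMPERED are constructed for the example and do not come from this machine.

```python
"""Triage of OTL autostart lines (added example, not part of the thread).

OTL prefixes each finding with a section tag. The ones handled here:
  O4  - Run/RunOnce registry entries
  F3  - the 'Load' value under HKCU\...\Windows NT\CurrentVersion\Windows
  O20 - Winlogon Shell / UserInit values
  O33 - MountPoints2 AutoRun commands cached for removable drives
"""
import re
from dataclasses import dataclass

# Lines copied from the OTL log posted in the next reply.
SAMPLE = r"""
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
F3 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000 WinNT: Load - (C:\Users\Vroni\LOCALS~1\Temp\msirmurxo.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
"""

# Constructed lines (NOT from the thread) showing two patterns the rules catch:
# an extra program appended to UserInit, and a Run entry living in Temp.
TAMPERED = r"""
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\x\AppData\Roaming\svc.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Updater] C:\Users\x\AppData\Local\Temp\upd.exe ()
"""


@dataclass
class Finding:
    tag: str       # OTL section tag (O4, F3, O20, O33)
    severity: str  # high / medium / low / info
    reason: str
    line: str


TAG_RE = re.compile(r'^(O\d+|F\d+)\s+-\s+(.*)$')
# First Windows path ending in an executable-ish extension; parens/quotes end it.
PATH_RE = re.compile(r'([A-Za-z]:\\[^()"]*?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js))', re.I)
# Directories a limited user can write to; heuristic, adjust to your environment.
SUSPICIOUS_DIR_RE = re.compile(r'\\(?:Temp|AppData|ProgramData|Users\\Public)\\', re.I)
WINLOGON_RE = re.compile(r'Winlogon: (Shell|UserInit) - \(([^)]*)\)')
EXPECTED_WINLOGON = {'Shell': 'explorer.exe', 'UserInit': 'userinit.exe'}
SEVERITY_ORDER = {'high': 0, 'medium': 1, 'low': 2, 'info': 3}


def classify(line):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.strip()
    m = TAG_RE.match(line)
    if not m:
        return None
    tag, body = m.group(1), m.group(2)
    path_m = PATH_RE.search(body)
    path = path_m.group(1) if path_m else ''
    missing = 'File not found' in body

    if tag == 'O20':
        w = WINLOGON_RE.search(body)
        if w:
            key, value = w.group(1), w.group(2)
            parts = [p.strip() for p in value.split(',') if p.strip()]
            # Stock values are a single entry; malware appends ",C:\...\x.exe".
            if len(parts) != 1 or parts[0].lower().rsplit('\\', 1)[-1] != EXPECTED_WINLOGON[key]:
                return Finding(tag, 'high', f'Winlogon {key} is not the stock value', line)
        return None

    if tag == 'F3' and 'Load' in body:
        # The Load value is empty on a clean system; anything here is an
        # autostart the user never configured, whether or not the file still exists.
        reason = 'Load value set (expected empty)' + (', target file missing' if missing else '')
        return Finding(tag, 'high', reason, line)

    if tag == 'O4':
        if path and SUSPICIOUS_DIR_RE.search(path):
            return Finding(tag, 'high', 'autostart runs from a user-writable temp/profile directory', line)
        if missing:
            return Finding(tag, 'medium', 'autostart points at a missing file', line)
        if body.endswith('()'):
            return Finding(tag, 'low', 'no company name in the file version info', line)
        return None

    if tag == 'O33' and r'\AutoRun\command' in body:
        return Finding(tag, 'info', 'AutoRun command cached for a removable drive', line)
    return None


def triage(log_text):
    """Classify every line and return the findings, most severe first."""
    findings = [f for f in (classify(l) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == '__main__':
    for f in triage(SAMPLE + TAMPERED):
        print(f'[{f.severity:6}] {f.tag:4} {f.reason}\n         {f.line}')
```

Running `triage(SAMPLE)` ranks the F3 line first: the Load value is empty on a clean system, and here it points at an executable in the user's Temp directory that no longer exists, which is why a helper asks for a fresh log after each cleanup step rather than trusting the previous one. The O33 entries are only informational; they are cached AutoRun commands from USB sticks and CDs that were once plugged in, not evidence of running code.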

Vronile 31.07.2012 19:11

OTL Logfile:
Code:

OTL logfile created on: 31.07.2012 19:28:44 - Run 3
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Vroni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,30% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 97,58 Gb Free Space | 65,47% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 135,47 Gb Free Space | 97,26% Space Free | Partition Type: NTFS
 
Computer Name: VRONI-PC | User Name: Vroni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.29 22:03:36 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Vroni\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.04.11 08:27:48 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.13 01:21:11 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.09 18:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll
MOD - [2007.08.08 11:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 15:01:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCB19E84-D1D4-4D31-9D52-597342C6535D}\MpKsl95074b29.sys -- (MpKsl95074b29)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.10.30 19:10:36 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009.10.30 19:10:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.07.02 01:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.04.07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.02 00:13:57 | 001,807,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.16 06:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 20:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.15 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Vroni\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.27 10:51:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 15:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.22 22:37:50 | 000,000,000 | ---D | M]
 
[2009.01.27 20:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vroni\AppData\Roaming\mozilla\Extensions
[2012.07.20 19:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions
[2010.09.16 07:28:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.18 16:17:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.05.21 10:26:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.23 15:58:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.14 13:03:21 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Vroni\AppData\Roaming\mozilla\Firefox\Profiles\n6gbonvb.default\extensions\2020Player_IKEA@2020Technologies.com
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\BearShareWebSearch.xml
[2012.07.27 11:59:43 | 000,000,950 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin-1.xml
[2009.03.05 21:07:30 | 000,000,962 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin.xml
[2012.07.28 17:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.03.05 21:08:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.27 10:51:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.06.27 10:53:50 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\VRONI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N6GBONVB.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.07.19 15:01:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Vroni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000..\Run: [Microsoft Security Client User Interface] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000..\RunOnce: [Shockwave Updater] "C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100470.exe" -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"hxxp://www.dr-load.de/180107/funnygames/games/diner_dash.html" File not found
F3 - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000 WinNT: Load - (C:\Users\Vroni\LOCALS~1\Temp\msirmurxo.exe) -  File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.55.5 212.33.32.160
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B285989A-B40E-43B1-848E-FFAF486CD157}: DhcpNameServer = 212.33.55.5 212.33.32.160
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\Shell\AutoRun\command - "" = H:\ActivateWarranty(JF).exe
O33 - MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3bef469a-0734-11de-a226-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{3bef469a-0734-11de-a226-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{6801e173-153a-11df-b521-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{6801e173-153a-11df-b521-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6801e175-153a-11df-b521-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{6801e175-153a-11df-b521-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73c383ec-2add-11df-8248-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{73c383ec-2add-11df-8248-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{73c3841b-2add-11df-8248-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{73c3841b-2add-11df-8248-002354729427}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.29 22:03:30 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Vroni\Desktop\OTL.exe
[2012.07.26 19:42:13 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Local\Macromedia
[2012.07.25 13:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.23 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Roaming\Malwarebytes
[2012.07.23 22:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 22:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 22:28:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 22:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.22 19:58:20 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Local\Apple
[2012.07.22 19:57:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.22 19:30:40 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Local\Temp
[2012.07.22 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Vroni\AppData\Roaming\GlarySoft
[2012.07.22 15:19:44 | 000,000,000 | ---D | C] -- C:\Users\Vroni\{6ea777ac-cad2-4119-adb1-f85e1458b3ec}
[2012.07.20 14:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\olbdvxfbegvdtbk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 19:19:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 19:19:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 19:17:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 07:19:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 07:19:28 | 000,048,063 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.31 07:19:27 | 000,048,063 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.31 07:19:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 19:53:26 | 000,000,572 | ---- | M] () -- C:\Users\Vroni\Desktop\adwcleaner - Verknüpfung.lnk
[2012.07.29 22:03:36 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Vroni\Desktop\OTL.exe
[2012.07.27 13:38:29 | 540,089,018 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(4).ddp
[2012.07.27 13:38:29 | 000,004,121 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(4).ddr
[2012.07.27 13:38:29 | 000,000,803 | ---- | M] () -- C:\Users\Vroni\Documents\0.ddi
[2012.07.27 13:34:18 | 540,089,018 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi.ddp
[2012.07.27 13:34:18 | 540,089,018 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(3).ddp
[2012.07.27 13:34:18 | 540,089,018 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(2).ddp
[2012.07.27 13:34:18 | 000,004,121 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi.ddr
[2012.07.27 13:34:18 | 000,004,121 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(3).ddr
[2012.07.27 13:34:18 | 000,004,121 | ---- | M] () -- C:\Users\Vroni\Documents\video.avi(2).ddr
[2012.07.26 11:38:55 | 001,107,500 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.26 11:38:54 | 002,173,984 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.26 11:38:54 | 000,638,384 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.26 11:38:54 | 000,570,372 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 11:17:49 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.07.23 22:28:52 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.20 14:34:57 | 000,000,051 | ---- | M] () -- C:\ProgramData\vhxukcdgwtaesys
[2012.07.17 19:28:00 | 003,658,390 | ---- | M] () -- C:\Users\Vroni\Desktop\DSCN0891.JPG
[2012.07.14 13:09:28 | 000,051,511 | ---- | M] () -- C:\Users\Vroni\Desktop\71_-1831738633.jpg
[2012.07.12 08:54:16 | 000,417,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 18:50:13 | 000,347,552 | ---- | M] () -- C:\Users\Vroni\Desktop\SGD-Wo E 2.pdf
[2012.07.11 08:53:30 | 000,518,919 | ---- | M] () -- C:\Users\Vroni\Desktop\Checkliste.pdf
[2012.07.10 14:03:24 | 000,002,631 | ---- | M] () -- C:\Users\Vroni\Desktop\Microsoft Office Word 2007.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.30 19:53:26 | 000,000,572 | ---- | C] () -- C:\Users\Vroni\Desktop\adwcleaner - Verknüpfung.lnk
[2012.07.27 13:37:48 | 000,000,803 | ---- | C] () -- C:\Users\Vroni\Documents\0.ddi
[2012.07.27 13:37:28 | 540,089,018 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(4).ddp
[2012.07.27 13:37:28 | 000,004,121 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(4).ddr
[2012.07.27 13:32:13 | 000,004,121 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(3).ddr
[2012.07.27 13:32:12 | 540,089,018 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(3).ddp
[2012.07.27 13:09:20 | 540,089,018 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(2).ddp
[2012.07.27 13:09:20 | 000,004,121 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi(2).ddr
[2012.07.27 12:51:27 | 540,089,018 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi.ddp
[2012.07.27 12:51:27 | 000,004,121 | ---- | C] () -- C:\Users\Vroni\Documents\video.avi.ddr
[2012.07.23 22:28:52 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.20 14:34:42 | 000,000,051 | ---- | C] () -- C:\ProgramData\vhxukcdgwtaesys
[2012.07.17 19:29:12 | 003,658,390 | ---- | C] () -- C:\Users\Vroni\Desktop\DSCN0891.JPG
[2012.07.11 18:50:13 | 000,347,552 | ---- | C] () -- C:\Users\Vroni\Desktop\SGD-Wo E 2.pdf
[2012.07.11 08:53:30 | 000,518,919 | ---- | C] () -- C:\Users\Vroni\Desktop\Checkliste.pdf
[2012.07.07 12:12:07 | 000,051,511 | ---- | C] () -- C:\Users\Vroni\Desktop\71_-1831738633.jpg
[2012.03.06 22:31:50 | 000,000,680 | ---- | C] () -- C:\Users\Vroni\AppData\Local\d3d9caps.dat
[2011.05.06 20:04:45 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2008.11.21 15:34:19 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2008.11.16 21:03:57 | 000,048,063 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.16 21:03:50 | 000,048,063 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.15 22:07:19 | 000,100,352 | ---- | C] () -- C:\Users\Vroni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2012.05.14 08:49:36 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\3DataManager
[2012.03.23 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DVDVideoSoft
[2012.03.23 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.13 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Gaijin Ent
[2012.02.08 11:55:45 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\GitarreroSoftware
[2012.07.22 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\GlarySoft
[2012.03.25 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\HappyFoto
[2012.04.11 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Image Zone Express
[2009.03.08 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\MAGIX
[2012.03.18 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\MediaWmplay
[2009.07.21 15:42:06 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Merscom
[2009.11.06 20:15:22 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\oberon
[2008.12.30 11:12:51 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\OpenOffice.org
[2010.04.12 17:27:06 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\PC Suite
[2009.11.14 11:44:39 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Printer Info Cache
[2010.03.08 19:55:37 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Program Files
[2009.01.16 13:29:38 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\ProtectDisc
[2011.01.24 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Samsung
[2012.03.22 19:20:55 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\TuneUp Software
[2010.03.09 08:03:50 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Upgrades
[2012.07.31 07:18:00 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.14 08:49:36 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\3DataManager
[2008.11.15 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Adobe
[2011.03.15 11:00:53 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Apple Computer
[2012.06.27 10:50:42 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DivX
[2012.03.23 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DVDVideoSoft
[2012.03.23 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.13 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Gaijin Ent
[2012.02.08 11:55:45 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\GitarreroSoftware
[2012.07.22 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\GlarySoft
[2012.03.25 14:57:05 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\HappyFoto
[2009.11.05 17:34:16 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\HP
[2010.11.26 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\HpUpdate
[2010.10.02 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Identities
[2012.04.11 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Image Zone Express
[2012.03.06 22:04:53 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\kodak
[2010.11.25 11:31:07 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Macromedia
[2009.03.08 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\MAGIX
[2012.07.23 22:29:01 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Media Center Programs
[2012.03.18 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\MediaWmplay
[2009.07.21 15:42:06 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Merscom
[2012.07.26 19:42:13 | 000,000,000 | --SD | M] -- C:\Users\Vroni\AppData\Roaming\Microsoft
[2009.01.27 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Mozilla
[2009.11.06 20:15:22 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\oberon
[2008.12.30 11:12:51 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\OpenOffice.org
[2010.04.12 17:27:06 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\PC Suite
[2009.11.14 11:44:39 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Printer Info Cache
[2010.03.08 19:55:37 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Program Files
[2009.01.16 13:29:38 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\ProtectDisc
[2011.01.24 21:43:49 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Samsung
[2008.11.16 01:02:28 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Symantec
[2012.03.22 19:20:55 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\TuneUp Software
[2010.12.28 22:08:29 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\U3
[2010.03.09 08:03:50 | 000,000,000 | ---D | M] -- C:\Users\Vroni\AppData\Roaming\Upgrades
 
< %APPDATA%\*.exe /s >
[2011.11.19 17:55:11 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Vroni\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.08.19 14:00:11 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Vroni\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2006.12.14 11:00:02 | 000,110,592 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\U3\temp\cleanup.exe
[2007.02.12 18:46:54 | 003,096,576 | ---- | M] (SanDisk Corporation) -- C:\Users\Vroni\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.02.17 09:06:19 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.02.17 09:06:19 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< CREATERESTOREPOIN >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CBEB737E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AD727397
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7AF9CAEB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0DFE2AE1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:700CD00E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:059167AF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FECEF728
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:87FA5E8A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FD444D31
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D994162E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B093E177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8BCF4DE2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A688EF17
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6BF0805F
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:097FF903
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:1941675B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A23D24E7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:B268A25C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:71FA8B7F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:B6DD2C7E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:52E1DB1D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:BDF08FAF

< End of report >

--- --- ---

cosinus 01.08.2012 19:00

Run an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4195003514-2229833858-1086125095-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
FF - user.js - File not found
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\BearShareWebSearch.xml
[2012.07.27 11:59:43 | 000,000,950 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin-1.xml
[2009.03.05 21:07:30 | 000,000,962 | ---- | M] () -- C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin.xml
[2012.07.28 17:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.03.05 21:08:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\Shell\AutoRun\command - "" = H:\ActivateWarranty(JF).exe
O33 - MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3bef469a-0734-11de-a226-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{3bef469a-0734-11de-a226-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{6801e173-153a-11df-b521-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{6801e173-153a-11df-b521-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6801e175-153a-11df-b521-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{6801e175-153a-11df-b521-002354729427}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73c383ec-2add-11df-8248-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{73c383ec-2add-11df-8248-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{73c3841b-2add-11df-8248-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{73c3841b-2add-11df-8248-002354729427}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CBEB737E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AD727397
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7AF9CAEB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0DFE2AE1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:700CD00E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:059167AF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FECEF728
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:87FA5E8A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FD444D31
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D994162E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B093E177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8BCF4DE2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A688EF17
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6BF0805F
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:097FF903
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:1941675B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A23D24E7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:B268A25C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:71FA8B7F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:B6DD2C7E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:52E1DB1D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:BDF08FAF
:Files
c:\user.js
C:\Users\Vroni\{6ea777ac-cad2-4119-adb1-f85e1458b3ec}
C:\ProgramData\olbdvxfbegvdtbk
C:\ProgramData\vhxukcdgwtaesys
C:\Users\Vroni\Downloads\Facemoods.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
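The fix script above does three kinds of things that are worth being able to read back from an OTL log: it clears the cached AutoRun handlers under HKCU\...\Explorer\MountPoints2 (Explorer stores one per volume it has mounted, keyed by drive letter or by the volume GUID, holding the command taken from that volume's autorun.inf), it records the HKLM Cdrom AutoRun value, and it removes the small named alternate data streams attached to C:\ProgramData\Temp. As an added example that is not part of this thread and not OTL's own code, the Python script below parses lines in that O32/O33/@Alternate Data Stream shape, groups the handlers by executable and drive letter, and totals the stream sizes. The input is a constructed sample of a few lines in that format, not the full script from the post.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the shape of the OTL fix script
# above (a subset, not the full script).
SAMPLE_FIX = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell - "" = AutoRun
O33 - MountPoints2\{01082fdf-c945-11df-a920-002354729427}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\Shell\AutoRun\command - "" = H:\ActivateWarranty(JF).exe
O33 - MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CBEB737E
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:BDF08FAF
"""

# O33 lines: Explorer's cached autorun handler for one volume, keyed by drive
# letter or by the GUID assigned to the volume when it was first mounted.
HANDLER_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# O32 line: the HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun value as OTL reports it.
CDROM_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')
# ADS lines: size, host file and stream name (the stream name has no ':' or '\').
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$')


def parse_autorun_handlers(text):
    """Return one dict per cached MountPoints2 AutoRun\\command entry.

    The first whitespace-separated token is taken as the executable; the
    handlers in this thread have unquoted paths without spaces, so that is
    enough here (a quoted path with spaces would need a real shell-split).
    """
    handlers = []
    for line in text.splitlines():
        m = HANDLER_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        exe, _, args = cmd.partition(" ")
        drive = exe[0].upper() if len(exe) > 1 and exe[1] == ":" else "?"
        handlers.append({
            "volume": m.group("volume"),
            "drive": drive,
            "exe": exe.rsplit("\\", 1)[-1].lower(),
            "args": args,
            "command": cmd,
        })
    return handlers


def parse_ads(text):
    """Return one dict per alternate data stream line."""
    streams = []
    for line in text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            streams.append({"host": m.group("host"),
                            "stream": m.group("stream"),
                            "size": int(m.group("size"))})
    return streams


def cdrom_autorun_enabled(text):
    """True/False from the O32 line; None when the line is absent."""
    for line in text.splitlines():
        m = CDROM_RE.match(line.strip())
        if m:
            return m.group("value") != "0"
    return None


def summarize(text):
    """Triage view: which executables the cached handlers point at, on which
    drive letters, and how much data sits in the listed streams."""
    handlers = parse_autorun_handlers(text)
    streams = parse_ads(text)
    return {
        "cdrom_autorun": cdrom_autorun_enabled(text),
        "handler_count": len(handlers),
        "executables": Counter(h["exe"] for h in handlers),
        "drives": sorted({h["drive"] for h in handlers}),
        "ads_count": len(streams),
        "ads_hosts": sorted({s["host"] for s in streams}),
        "ads_bytes": sum(s["size"] for s in streams),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIX).items():
        print(f"{key}: {value}")
```

The summary makes the pattern in the thread visible at a glance: the same handful of executables (Autorun.exe, LaunchU3.exe) appear under many volume GUIDs because each USB stick or CD gets a new MountPoints2 key, while the streams all hang off one host path. Cached handlers are evidence of what was once inserted, not proof that anything ran, so they belong in a cleanup script like the one above rather than in an infection verdict.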

Vronile 02.08.2012 05:56

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4195003514-2229833858-1086125095-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-4195003514-2229833858-1086125095-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Program Files\mozilla firefox\extensions folder moved successfully.
Folder C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01082fdf-c945-11df-a920-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01082fdf-c945-11df-a920-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01082fdf-c945-11df-a920-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01082fdf-c945-11df-a920-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a2becb6-6cdd-11e1-9757-806e6f6e6963}\ not found.
File H:\ActivateWarranty(JF).exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{189b2a17-2af5-11df-b2f5-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{189b2a17-2af5-11df-b2f5-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{189b2a17-2af5-11df-b2f5-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e55b85f-4979-11df-bd32-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e55b85f-4979-11df-bd32-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e55b85f-4979-11df-bd32-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2faf66e7-b3cb-11dd-bb2e-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faf66e7-b3cb-11dd-bb2e-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2faf66e7-b3cb-11dd-bb2e-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2faf66ff-b3cb-11dd-bb2e-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faf66ff-b3cb-11dd-bb2e-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2faf66ff-b3cb-11dd-bb2e-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{382954fe-55e2-11de-a45e-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{382954fe-55e2-11de-a45e-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{382954fe-55e2-11de-a45e-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bef469a-0734-11de-a226-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bef469a-0734-11de-a226-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bef469a-0734-11de-a226-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bef469a-0734-11de-a226-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61479177-ee4a-11de-8a6d-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61479177-ee4a-11de-8a6d-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61479177-ee4a-11de-8a6d-002354729427}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6801e173-153a-11df-b521-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6801e173-153a-11df-b521-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6801e173-153a-11df-b521-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6801e173-153a-11df-b521-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6801e175-153a-11df-b521-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6801e175-153a-11df-b521-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6801e175-153a-11df-b521-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6801e175-153a-11df-b521-002354729427}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c383ec-2add-11df-8248-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c383ec-2add-11df-8248-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c383ec-2add-11df-8248-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c383ec-2add-11df-8248-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c3841b-2add-11df-8248-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c3841b-2add-11df-8248-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c3841b-2add-11df-8248-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73c3841b-2add-11df-8248-002354729427}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{874fed5a-a31b-11e1-bfef-806e6f6e6963}\ not found.
File G:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88344f98-a31a-11e1-ba42-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88344f98-a31a-11e1-ba42-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88344f98-a31a-11e1-ba42-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b25201-2ad9-11df-9530-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94b25201-2ad9-11df-9530-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94b25201-2ad9-11df-9530-002354729427}\ not found.
File H:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a96d42fe-2af5-11df-90fa-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a96d42fe-2af5-11df-90fa-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a96d42fe-2af5-11df-90fa-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3ea963a-b81c-11e0-a106-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ea963a-b81c-11e0-a106-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3ea963a-b81c-11e0-a106-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0b74f11-2232-11e1-92e6-002354729427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0b74f11-2232-11e1-92e6-002354729427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0b74f11-2232-11e1-92e6-002354729427}\ not found.
File F:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\.\Autorun.exe AUTORUN=1 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:CBEB737E @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:AD727397 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7AF9CAEB @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0DFE2AE1 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:700CD00E @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:059167AF @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:FECEF728 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:87FA5E8A @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FD444D31 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D994162E @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B093E177 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:8BCF4DE2 @Alternat not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Vroni
->Temp folder emptied: 680897 bytes
->Temporary Internet Files folder emptied: 8692183 bytes
->Java cache emptied: 20225538 bytes
->FireFox cache emptied: 60766798 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6895515 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 586324 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 94,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Vroni
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 08022012_064645

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hey, my desktop icons stayed put :rofl:
But the desktop window still keeps coming up :heulen:

cosinus 03.08.2012 09:00

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
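The TDSSKiller log that follows this post prints two lines per scanned driver or service: one with the MD5 and path, and one with the verdict, either "- ok" or "- detected <name> (n)". With the SigCheck option ticked, a detection of UnsignedFile.Multi.Generic only means the file carries no digital signature; that is a heuristic, not a malware verdict, which is why the instruction above is to skip everything and post the log for review. As an added example that is not part of this thread and not Kaspersky's code, the Python script below pairs the two lines per object, separates "ok" from "detected", and reports whether every detection is the signature heuristic alone. The input is a constructed sample of a few lines in the log's format, not the full log.

```python
import re

# Constructed sample in the shape of a TDSSKiller log (a few lines, not a
# full run); the layout follows the log posted later in this thread.
SAMPLE_TDSS = """\
14:57:27.0833 4180        Mode: Manual; SigCheck; TDLFS;
14:57:37.0349 4180        acedrv11        (66dc3740111238c91b875d8a0021834d) C:\\Windows\\system32\\drivers\\acedrv11.sys
14:57:37.0801 4180        acedrv11 - ok
14:57:38.0722 4180        ADSMService    (609a6f49b6af0f25837f8a0edddb0745) C:\\Program Files\\ASUS\\ASUS Data Security Manager\\ADSMSrv.exe
14:57:38.0768 4180        ADSMService ( UnsignedFile.Multi.Generic ) - warning
14:57:38.0768 4180        ADSMService - detected UnsignedFile.Multi.Generic (1)
14:57:41.0530 4180        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\\Windows\\system32\\drivers\\djsvs.sys
14:57:41.0592 4180        aic78xx - ok
"""

# Every log line starts with a timestamp and the scanning thread/process id.
LINE_RE = re.compile(r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$')
# "name        (md5) path": the object line.
OBJECT_RE = re.compile(r'^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$')
# "name - ok" or "name - detected <detection> (<count>)": the verdict line.
VERDICT_RE = re.compile(
    r'^(?P<name>\S+) - (?:(?P<ok>ok)|detected (?P<detection>\S+) \((?P<count>\d+)\))$')


def parse_tdss_log(text):
    """Map object name -> {md5, path, verdict, detection}.

    The object line is seen first and creates the record; the verdict line
    for the same name fills it in. Intermediate "( ... ) - warning" lines
    match neither pattern and are skipped. Objects with no verdict line keep
    verdict None.
    """
    records = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        om = OBJECT_RE.match(body)
        if om:
            records[om.group("name")] = {"md5": om.group("md5"),
                                         "path": om.group("path"),
                                         "verdict": None,
                                         "detection": None}
            continue
        vm = VERDICT_RE.match(body)
        if vm and vm.group("name") in records:
            rec = records[vm.group("name")]
            rec["verdict"] = "ok" if vm.group("ok") else "detected"
            rec["detection"] = vm.group("detection")
    return records


def flagged(records):
    """Sorted (name, detection, path) for everything not marked ok."""
    return sorted((name, r["detection"], r["path"])
                  for name, r in records.items() if r["verdict"] == "detected")


def is_signature_heuristic_only(records):
    """True when there are detections and all of them are
    UnsignedFile.Multi.Generic, i.e. the tool only noted files without a
    digital signature and no other detection name appeared."""
    names = {r["detection"] for r in records.values() if r["verdict"] == "detected"}
    return bool(names) and names == {"UnsignedFile.Multi.Generic"}


if __name__ == "__main__":
    recs = parse_tdss_log(SAMPLE_TDSS)
    for name, detection, path in flagged(recs):
        print(f"{name}: {detection} -> {path}")
    print("signature heuristic only:", is_signature_heuristic_only(recs))
```

Run against the real log below, the flagged list is what a helper actually reads: the names, the paths (here vendor utilities under C:\Program Files\ASUS and C:\Program Files\ATK Hotkey) and whether any detection name other than the unsigned-file heuristic appears. Deciding what to do with them stays a manual call, as the post above says.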

Vronile 06.08.2012 10:45

Code:

14:55:41.0412 3376        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:55:43.0112 3376        ============================================================
14:55:43.0112 3376        Current date / time: 2012/08/03 14:55:43.0112
14:55:43.0112 3376        SystemInfo:
14:55:43.0112 3376       
14:55:43.0112 3376        OS Version: 6.0.6002 ServicePack: 2.0
14:55:43.0112 3376        Product type: Workstation
14:55:43.0112 3376        ComputerName: VRONI-PC
14:55:43.0112 3376        UserName: Vroni
14:55:43.0112 3376        Windows directory: C:\Windows
14:55:43.0112 3376        System windows directory: C:\Windows
14:55:43.0112 3376        Processor architecture: Intel x86
14:55:43.0112 3376        Number of processors: 2
14:55:43.0112 3376        Page size: 0x1000
14:55:43.0112 3376        Boot type: Normal boot
14:55:43.0112 3376        ============================================================
14:55:47.0660 3376        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:55:47.0680 3376        ============================================================
14:55:47.0680 3376        \Device\Harddisk0\DR0:
14:55:47.0690 3376        MBR partitions:
14:55:47.0690 3376        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0x12A14C00
14:55:47.0760 3376        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13D9D77A, BlocksNum 0x1168FF47
14:55:47.0760 3376        ============================================================
14:55:47.0830 3376        C: <-> \Device\Harddisk0\DR0\Partition0
14:55:47.0900 3376        D: <-> \Device\Harddisk0\DR0\Partition1
14:55:47.0900 3376        ============================================================
14:55:47.0900 3376        Initialize success
14:55:47.0900 3376        ============================================================
14:57:27.0833 4180        ============================================================
14:57:27.0833 4180        Scan started
14:57:27.0833 4180        Mode: Manual; SigCheck; TDLFS;
14:57:27.0833 4180        ============================================================
14:57:37.0349 4180        acedrv11        (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
14:57:37.0801 4180        acedrv11 - ok
14:57:37.0942 4180        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:57:38.0004 4180        ACPI - ok
14:57:38.0316 4180        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:57:38.0378 4180        adp94xx - ok
14:57:38.0441 4180        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:57:38.0472 4180        adpahci - ok
14:57:38.0503 4180        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:57:38.0534 4180        adpu160m - ok
14:57:38.0566 4180        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:57:38.0597 4180        adpu320 - ok
14:57:38.0722 4180        ADSMService    (609a6f49b6af0f25837f8a0edddb0745) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
14:57:38.0768 4180        ADSMService ( UnsignedFile.Multi.Generic ) - warning
14:57:38.0768 4180        ADSMService - detected UnsignedFile.Multi.Generic (1)
14:57:38.0971 4180        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:57:39.0938 4180        AeLookupSvc - ok
14:57:40.0188 4180        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:57:40.0422 4180        AFD - ok
14:57:41.0311 4180        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:57:41.0342 4180        agp440 - ok
14:57:41.0530 4180        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:57:41.0592 4180        aic78xx - ok
14:57:41.0701 4180        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:57:43.0464 4180        ALG - ok
14:57:43.0558 4180        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:57:43.0604 4180        aliide - ok
14:57:43.0714 4180        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:57:43.0776 4180        amdagp - ok
14:57:43.0838 4180        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:57:43.0870 4180        amdide - ok
14:57:44.0026 4180        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:57:44.0104 4180        AmdK7 - ok
14:57:44.0244 4180        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:57:44.0322 4180        AmdK8 - ok
14:57:44.0431 4180        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:57:44.0525 4180        Appinfo - ok
14:57:44.0728 4180        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:57:44.0806 4180        arc - ok
14:57:44.0977 4180        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:57:45.0040 4180        arcsas - ok
14:57:45.0149 4180        AsDsm          (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
14:57:45.0164 4180        AsDsm - ok
14:57:45.0445 4180        ASLDRService    (5a055a4777cbbc8845dd598cb2eebf69) C:\Program Files\ATK Hotkey\ASLDRSrv.exe
14:57:45.0476 4180        ASLDRService ( UnsignedFile.Multi.Generic ) - warning
14:57:45.0476 4180        ASLDRService - detected UnsignedFile.Multi.Generic (1)
14:57:45.0632 4180        ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
14:57:45.0648 4180        ASMMAP - ok
14:57:46.0022 4180        aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:57:46.0553 4180        aspnet_state - ok
14:57:46.0646 4180        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:57:46.0756 4180        AsyncMac - ok
14:57:46.0849 4180        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:57:46.0880 4180        atapi - ok
14:57:49.0252 4180        athr            (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
14:57:49.0626 4180        athr - ok
14:57:49.0954 4180        ATKGFNEXSrv    (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
14:57:50.0016 4180        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
14:57:50.0016 4180        ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
14:57:51.0139 4180        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:57:51.0217 4180        AudioEndpointBuilder - ok
14:57:51.0233 4180        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:57:51.0280 4180        Audiosrv - ok
14:57:51.0498 4180        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:57:51.0592 4180        Beep - ok
14:57:52.0403 4180        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:57:52.0574 4180        BFE - ok
14:57:54.0493 4180        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:57:54.0899 4180        BITS - ok
14:57:55.0055 4180        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:57:55.0180 4180        blbdrive - ok
14:57:55.0398 4180        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:57:55.0538 4180        bowser - ok
14:57:55.0648 4180        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:57:55.0726 4180        BrFiltLo - ok
14:57:55.0788 4180        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:57:55.0866 4180        BrFiltUp - ok
14:57:56.0038 4180        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:57:56.0116 4180        Browser - ok
14:57:56.0334 4180        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:57:57.0894 4180        Brserid - ok
14:57:58.0066 4180        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:57:58.0190 4180        BrSerWdm - ok
14:57:58.0237 4180        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:57:58.0346 4180        BrUsbMdm - ok
14:57:58.0424 4180        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:57:58.0534 4180        BrUsbSer - ok
14:57:58.0643 4180        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:57:58.0768 4180        BTHMODEM - ok
14:57:58.0892 4180        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:57:58.0970 4180        cdfs - ok
14:57:59.0158 4180        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:57:59.0251 4180        cdrom - ok
14:57:59.0360 4180        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:57:59.0423 4180        CertPropSvc - ok
14:57:59.0797 4180        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:57:59.0875 4180        circlass - ok
14:58:00.0484 4180        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:58:00.0593 4180        CLFS - ok
14:58:00.0983 4180        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:58:01.0981 4180        clr_optimization_v2.0.50727_32 - ok
14:58:02.0418 4180        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:58:02.0792 4180        clr_optimization_v4.0.30319_32 - ok
14:58:02.0902 4180        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:58:02.0995 4180        CmBatt - ok
14:58:03.0073 4180        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:58:03.0104 4180        cmdide - ok
14:58:03.0198 4180        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:58:03.0214 4180        Compbatt - ok
14:58:03.0229 4180        COMSysApp - ok
14:58:03.0338 4180        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:58:03.0370 4180        crcdisk - ok
14:58:03.0463 4180        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:58:03.0541 4180        Crusoe - ok
14:58:03.0931 4180        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
14:58:04.0025 4180        CryptSvc - ok
14:58:05.0148 4180        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:58:05.0538 4180        DcomLaunch - ok
14:58:05.0772 4180        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:58:05.0912 4180        DfsC - ok
14:58:09.0001 4180        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:58:09.0235 4180        DFSR - ok
14:58:09.0578 4180        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:58:09.0672 4180        Dhcp - ok
14:58:09.0844 4180        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:58:09.0890 4180        disk - ok
14:58:09.0953 4180        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:58:10.0046 4180        Dnscache - ok
14:58:10.0296 4180        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:58:10.0436 4180        dot3svc - ok
14:58:10.0608 4180        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:58:10.0686 4180        Dot4 - ok
14:58:10.0702 4180        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:58:10.0780 4180        Dot4Print - ok
14:58:10.0842 4180        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:58:10.0920 4180        dot4usb - ok
14:58:10.0951 4180        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:58:11.0045 4180        DPS - ok
14:58:11.0092 4180        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:58:11.0170 4180        drmkaud - ok
14:58:11.0326 4180        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:58:11.0388 4180        DXGKrnl - ok
14:58:11.0419 4180        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:58:11.0482 4180        E1G60 - ok
14:58:11.0528 4180        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:58:11.0622 4180        EapHost - ok
14:58:11.0684 4180        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:58:11.0716 4180        Ecache - ok
14:58:11.0809 4180        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:58:11.0856 4180        ehRecvr - ok
14:58:11.0887 4180        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:58:11.0950 4180        ehSched - ok
14:58:11.0965 4180        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:58:12.0012 4180        ehstart - ok
14:58:12.0074 4180        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:58:12.0121 4180        elxstor - ok
14:58:12.0230 4180        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:58:12.0371 4180        EMDMgmt - ok
14:58:12.0402 4180        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:58:12.0464 4180        ErrDev - ok
14:58:12.0542 4180        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:58:12.0652 4180        EventSystem - ok
14:58:12.0745 4180        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:58:12.0808 4180        exfat - ok
14:58:12.0870 4180        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:58:12.0932 4180        fastfat - ok
14:58:12.0979 4180        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:58:13.0042 4180        fdc - ok
14:58:13.0073 4180        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:58:13.0182 4180        fdPHost - ok
14:58:13.0198 4180        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:58:13.0369 4180        FDResPub - ok
14:58:13.0447 4180        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:58:13.0478 4180        FileInfo - ok
14:58:13.0525 4180        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:58:13.0588 4180        Filetrace - ok
14:58:13.0993 4180        FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
14:58:14.0118 4180        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:58:14.0118 4180        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:58:14.0399 4180        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:58:14.0492 4180        flpydisk - ok
14:58:14.0555 4180        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:58:14.0586 4180        FltMgr - ok
14:58:14.0789 4180        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:58:14.0929 4180        FontCache - ok
14:58:15.0054 4180        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:58:15.0101 4180        FontCache3.0.0.0 - ok
14:58:15.0179 4180        FsUsbExDisk    (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
14:58:15.0257 4180        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
14:58:15.0257 4180        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
14:58:15.0304 4180        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:58:15.0397 4180        Fs_Rec - ok
14:58:15.0428 4180        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:58:15.0460 4180        gagp30kx - ok
14:58:15.0491 4180        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
14:58:15.0522 4180        ggflt - ok
14:58:15.0569 4180        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
14:58:15.0584 4180        ggsemc - ok
14:58:15.0787 4180        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:58:15.0896 4180        gpsvc - ok
14:58:16.0037 4180        gupdate1caded068ded7d8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:16.0052 4180        gupdate1caded068ded7d8 - ok
14:58:16.0068 4180        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:16.0084 4180        gupdatem - ok
14:58:16.0162 4180        gusvc          (1bf044e23206fddc16891a32922d571b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:58:16.0177 4180        gusvc - ok
14:58:16.0255 4180        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:58:16.0380 4180        HdAudAddService - ok
14:58:16.0536 4180        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:58:16.0676 4180        HDAudBus - ok
14:58:16.0708 4180        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:58:16.0801 4180        HidBth - ok
14:58:16.0864 4180        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:58:16.0988 4180        HidIr - ok
14:58:17.0051 4180        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:58:17.0176 4180        hidserv - ok
14:58:17.0207 4180        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:58:17.0269 4180        HidUsb - ok
14:58:17.0300 4180        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:58:17.0456 4180        hkmsvc - ok
14:58:17.0503 4180        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:58:17.0550 4180        HpCISSs - ok
14:58:17.0628 4180        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:58:17.0706 4180        HTTP - ok
14:58:17.0722 4180        hwdatacard - ok
14:58:17.0737 4180        hwusbdev - ok
14:58:17.0862 4180        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:58:17.0909 4180        i2omp - ok
14:58:17.0971 4180        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:58:18.0034 4180        i8042prt - ok
14:58:18.0112 4180        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:58:18.0158 4180        iaStorV - ok
14:58:18.0268 4180        IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:58:18.0299 4180        IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:58:18.0299 4180        IDriverT - detected UnsignedFile.Multi.Generic (1)
14:58:18.0502 4180        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:58:18.0642 4180        idsvc - ok
14:58:18.0704 4180        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:58:18.0736 4180        iirsp - ok
14:58:18.0892 4180        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:58:19.0048 4180        IKEEXT - ok
14:58:19.0516 4180        IntcAzAudAddService (0557aaee4c86e2c333acd2baf42a7619) C:\Windows\system32\drivers\RTKVHDA.sys
14:58:19.0672 4180        IntcAzAudAddService - ok
14:58:19.0874 4180        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:58:19.0906 4180        intelide - ok
14:58:19.0937 4180        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:58:19.0999 4180        intelppm - ok
14:58:20.0062 4180        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:58:20.0202 4180        IPBusEnum - ok
14:58:20.0233 4180        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:58:20.0311 4180        IpFilterDriver - ok
14:58:20.0358 4180        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:58:20.0498 4180        iphlpsvc - ok
14:58:20.0498 4180        IpInIp - ok
14:58:20.0545 4180        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:58:20.0608 4180        IPMIDRV - ok
14:58:20.0654 4180        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:58:20.0717 4180        IPNAT - ok
14:58:20.0748 4180        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:58:20.0842 4180        IRENUM - ok
14:58:20.0904 4180        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:58:20.0951 4180        isapnp - ok
14:58:21.0044 4180        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:58:21.0091 4180        iScsiPrt - ok
14:58:21.0138 4180        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:58:21.0169 4180        iteatapi - ok
14:58:21.0200 4180        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:58:21.0232 4180        iteraid - ok
14:58:21.0278 4180        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:58:21.0341 4180        kbdclass - ok
14:58:21.0403 4180        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:58:21.0481 4180        kbdhid - ok
14:58:21.0512 4180        kbfiltr        (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
14:58:21.0528 4180        kbfiltr - ok
14:58:21.0590 4180        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:58:21.0746 4180        KeyIso - ok
14:58:21.0793 4180        KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
14:58:21.0840 4180        KSecDD - ok
14:58:21.0902 4180        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:58:22.0105 4180        KtmRm - ok
14:58:22.0183 4180        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:58:22.0433 4180        LanmanServer - ok
14:58:22.0511 4180        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:58:22.0776 4180        LanmanWorkstation - ok
14:58:22.0885 4180        LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:58:22.0916 4180        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:58:22.0916 4180        LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:58:22.0963 4180        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:58:23.0041 4180        lltdio - ok
14:58:23.0135 4180        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:58:23.0291 4180        lltdsvc - ok
14:58:23.0322 4180        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:58:23.0540 4180        lmhosts - ok
14:58:23.0665 4180        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:58:23.0696 4180        LSI_FC - ok
14:58:23.0759 4180        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:58:23.0806 4180        LSI_SAS - ok
14:58:23.0852 4180        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:58:23.0884 4180        LSI_SCSI - ok
14:58:23.0915 4180        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:58:23.0993 4180        luafv - ok
14:58:24.0055 4180        lullaby        (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
14:58:24.0086 4180        lullaby - ok
14:58:24.0086 4180        massfilter - ok
14:58:24.0164 4180        MBAMProtector  (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
14:58:24.0180 4180        MBAMProtector - ok
14:58:24.0336 4180        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:58:24.0414 4180        MBAMService - ok
14:58:24.0476 4180        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:58:24.0617 4180        Mcx2Svc - ok
14:58:24.0664 4180        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:58:24.0695 4180        megasas - ok
14:58:24.0773 4180        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:58:24.0851 4180        MegaSR - ok
14:58:24.0944 4180        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:58:24.0960 4180        Microsoft Office Groove Audit Service - ok
14:58:25.0007 4180        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:58:25.0178 4180        MMCSS - ok
14:58:25.0210 4180        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:58:25.0272 4180        Modem - ok
14:58:25.0381 4180        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:58:25.0459 4180        monitor - ok
14:58:25.0506 4180        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:58:25.0537 4180        mouclass - ok
14:58:25.0568 4180        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:58:25.0646 4180        mouhid - ok
14:58:25.0678 4180        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:58:25.0709 4180        MountMgr - ok
14:58:25.0756 4180        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:58:25.0771 4180        MozillaMaintenance - ok
14:58:25.0865 4180        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
14:58:25.0943 4180        MpFilter - ok
14:58:25.0958 4180        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:58:26.0036 4180        mpio - ok
14:58:26.0208 4180        MpKsl0f26ce61  (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6622BA4-77C7-493F-A217-7CE81B3B23E5}\MpKsl0f26ce61.sys
14:58:26.0224 4180        MpKsl0f26ce61 - ok
14:58:26.0286 4180        MpKsld7381dd8  (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6622BA4-77C7-493F-A217-7CE81B3B23E5}\MpKsld7381dd8.sys
14:58:26.0286 4180        Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6622BA4-77C7-493F-A217-7CE81B3B23E5}\MpKsld7381dd8.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
14:58:26.0286 4180        MpKsld7381dd8 ( ForgedFile.Multi.Generic ) - warning
14:58:26.0286 4180        MpKsld7381dd8 - detected ForgedFile.Multi.Generic (1)
14:58:26.0317 4180        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:58:26.0364 4180        mpsdrv - ok
14:58:26.0489 4180        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:58:26.0660 4180        MpsSvc - ok
14:58:26.0707 4180        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:58:26.0738 4180        Mraid35x - ok
14:58:26.0801 4180        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:58:26.0848 4180        MRxDAV - ok
14:58:26.0926 4180        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:58:26.0988 4180        mrxsmb - ok
14:58:27.0035 4180        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:58:27.0066 4180        mrxsmb10 - ok
14:58:27.0082 4180        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:58:27.0160 4180        mrxsmb20 - ok
14:58:27.0191 4180        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:58:27.0238 4180        msahci - ok
14:58:27.0284 4180        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:58:27.0316 4180        msdsm - ok
14:58:27.0347 4180        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:58:27.0503 4180        MSDTC - ok
14:58:27.0550 4180        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:58:27.0612 4180        Msfs - ok
14:58:27.0674 4180        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:58:27.0706 4180        msisadrv - ok
14:58:27.0768 4180        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:58:27.0908 4180        MSiSCSI - ok
14:58:27.0908 4180        msiserver - ok
14:58:27.0971 4180        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:58:28.0033 4180        MSKSSRV - ok
14:58:28.0142 4180        MsMpSvc        (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:58:28.0158 4180        MsMpSvc - ok
14:58:28.0220 4180        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:58:28.0283 4180        MSPCLOCK - ok
14:58:28.0314 4180        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:58:28.0376 4180        MSPQM - ok
14:58:28.0439 4180        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:58:28.0486 4180        MsRPC - ok
14:58:28.0532 4180        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:58:28.0579 4180        mssmbios - ok
14:58:28.0642 4180        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:58:28.0704 4180        MSTEE - ok
14:58:28.0735 4180        MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
14:58:28.0798 4180        MTsensor - ok
14:58:28.0844 4180        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:58:28.0891 4180        Mup - ok
14:58:28.0922 4180        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:58:29.0110 4180        napagent - ok
14:58:29.0172 4180        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:58:29.0281 4180        NativeWifiP - ok
14:58:29.0578 4180        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:58:29.0687 4180        NDIS - ok
14:58:29.0718 4180        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:58:29.0765 4180        NdisTapi - ok
14:58:29.0796 4180        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:58:29.0874 4180        Ndisuio - ok
14:58:29.0952 4180        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:58:30.0030 4180        NdisWan - ok
14:58:30.0077 4180        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:58:30.0139 4180        NDProxy - ok
14:58:30.0170 4180        Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
14:58:30.0264 4180        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0264 4180        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0295 4180        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:58:30.0373 4180        NetBIOS - ok
14:58:30.0451 4180        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:58:30.0514 4180        netbt - ok
14:58:30.0560 4180        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:58:30.0670 4180        Netlogon - ok
14:58:30.0748 4180        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:58:30.0935 4180        Netman - ok
14:58:31.0028 4180        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:58:31.0216 4180        netprofm - ok
14:58:31.0294 4180        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:58:31.0325 4180        NetTcpPortSharing - ok
14:58:31.0465 4180        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:58:31.0512 4180        nfrd960 - ok
14:58:31.0590 4180        NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:58:31.0621 4180        NisDrv - ok
14:58:31.0855 4180        NisSrv          (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
14:58:31.0886 4180        NisSrv - ok
14:58:31.0964 4180        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:58:32.0152 4180        NlaSvc - ok
14:58:32.0261 4180        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:58:32.0308 4180        Npfs - ok
14:58:32.0432 4180        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:58:32.0604 4180        nsi - ok
14:58:32.0651 4180        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:58:32.0713 4180        nsiproxy - ok
14:58:33.0072 4180        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:58:33.0244 4180        Ntfs - ok
14:58:33.0290 4180        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:58:33.0400 4180        ntrigdigi - ok
14:58:33.0431 4180        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:58:33.0493 4180        Null - ok
14:58:37.0705 4180        nvlddmkm        (5ce5b23855262acabaecce156f48dd88) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:58:38.0516 4180        nvlddmkm - ok
14:58:38.0766 4180        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:58:38.0797 4180        nvraid - ok
14:58:38.0813 4180        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:58:38.0860 4180        nvstor - ok
14:58:38.0922 4180        nvsvc          (6df4cc671cd9704840c5522627f3ed43) C:\Windows\system32\nvvsvc.exe
14:58:39.0078 4180        nvsvc - ok
14:58:39.0140 4180        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:58:39.0172 4180        nv_agp - ok
14:58:39.0187 4180        NwlnkFlt - ok
14:58:39.0203 4180        NwlnkFwd - ok
14:58:39.0359 4180        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:58:39.0406 4180        odserv - ok
14:58:39.0452 4180        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:58:39.0546 4180        ohci1394 - ok
14:58:39.0640 4180        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:58:39.0671 4180        ose - ok
14:58:39.0874 4180        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:58:40.0123 4180        p2pimsvc - ok
14:58:40.0139 4180        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:58:40.0310 4180        p2psvc - ok
14:58:40.0373 4180        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:58:40.0482 4180        Parport - ok
14:58:40.0529 4180        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
14:58:40.0591 4180        partmgr - ok
14:58:40.0622 4180        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:58:40.0732 4180        Parvdm - ok
14:58:40.0794 4180        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:58:41.0028 4180        PcaSvc - ok
14:58:41.0075 4180        pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
14:58:41.0137 4180        pccsmcfd - ok
14:58:41.0184 4180        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:58:41.0231 4180        pci - ok
14:58:41.0262 4180        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:58:41.0309 4180        pciide - ok
14:58:41.0371 4180        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:58:41.0418 4180        pcmcia - ok
14:58:41.0590 4180        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:58:41.0730 4180        PEAUTH - ok
14:58:42.0026 4180        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:58:42.0276 4180        pla - ok
14:58:42.0650 4180        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:58:42.0869 4180        PlugPlay - ok
14:58:42.0916 4180        Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
14:58:43.0009 4180        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:58:43.0009 4180        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:58:43.0118 4180        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:58:43.0321 4180        PNRPAutoReg - ok
14:58:43.0337 4180        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:58:43.0524 4180        PNRPsvc - ok
14:58:43.0586 4180        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:58:43.0774 4180        PolicyAgent - ok
14:58:43.0836 4180        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:58:43.0898 4180        PptpMiniport - ok
14:58:43.0945 4180        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:58:44.0008 4180        Processor - ok
14:58:44.0132 4180        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:58:44.0304 4180        ProfSvc - ok
14:58:44.0366 4180        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:58:44.0476 4180        ProtectedStorage - ok
14:58:44.0663 4180        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:58:44.0756 4180        PSched - ok
14:58:44.0788 4180        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
14:58:44.0819 4180        PxHelp20 - ok
14:58:45.0053 4180        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:58:45.0146 4180        ql2300 - ok
14:58:45.0209 4180        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:58:45.0240 4180        ql40xx - ok
14:58:45.0318 4180        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:58:45.0536 4180        QWAVE - ok
14:58:45.0583 4180        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:58:45.0630 4180        QWAVEdrv - ok
14:58:45.0817 4180        RapiMgr        (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
14:58:45.0895 4180        RapiMgr - ok
14:58:45.0926 4180        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:58:46.0004 4180        RasAcd - ok
14:58:46.0082 4180        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:58:46.0285 4180        RasAuto - ok
14:58:46.0348 4180        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:58:46.0457 4180        Rasl2tp - ok
14:58:46.0753 4180        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:58:46.0972 4180        RasMan - ok
14:58:47.0128 4180        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:58:47.0252 4180        RasPppoe - ok
14:58:47.0362 4180        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:58:47.0393 4180        RasSstp - ok
14:58:47.0502 4180        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:58:47.0549 4180        rdbss - ok
14:58:47.0611 4180        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:58:47.0674 4180        RDPCDD - ok
14:58:47.0720 4180        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:58:47.0783 4180        rdpdr - ok
14:58:47.0798 4180        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:58:47.0892 4180        RDPENCDD - ok
14:58:47.0954 4180        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
14:58:48.0032 4180        RDPWD - ok
14:58:48.0064 4180        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:58:48.0220 4180        RemoteAccess - ok
14:58:48.0282 4180        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:58:48.0485 4180        RemoteRegistry - ok
14:58:48.0563 4180        rimmptsk        (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:58:48.0594 4180        rimmptsk - ok
14:58:48.0656 4180        rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:58:48.0688 4180        rimsptsk - ok
14:58:48.0703 4180        rismxdp        (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
14:58:48.0766 4180        rismxdp - ok
14:58:48.0828 4180        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:58:48.0953 4180        RpcLocator - ok
14:58:49.0109 4180        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:58:49.0312 4180        RpcSs - ok
14:58:49.0358 4180        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:58:49.0421 4180        rspndr - ok
14:58:49.0468 4180        s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
14:58:49.0499 4180        s0016bus - ok
14:58:49.0530 4180        s0016mdfl      (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
14:58:49.0561 4180        s0016mdfl - ok
14:58:49.0592 4180        s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
14:58:49.0655 4180        s0016mdm - ok
14:58:49.0702 4180        s0016mgmt      (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
14:58:49.0764 4180        s0016mgmt - ok
14:58:49.0795 4180        s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
14:58:49.0826 4180        s0016nd5 - ok
14:58:49.0904 4180        s0016obex      (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
14:58:49.0936 4180        s0016obex - ok
14:58:49.0982 4180        s0016unic      (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
14:58:50.0014 4180        s0016unic - ok
14:58:50.0092 4180        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:58:50.0216 4180        SamSs - ok
14:58:50.0263 4180        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:58:50.0326 4180        sbp2port - ok
14:58:50.0404 4180        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:58:50.0622 4180        SCardSvr - ok
14:58:50.0825 4180        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:58:51.0090 4180        Schedule - ok
14:58:51.0121 4180        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:58:51.0168 4180        SCPolicySvc - ok
14:58:51.0246 4180        sdbus          (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:58:51.0293 4180        sdbus - ok
14:58:51.0340 4180        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:58:51.0558 4180        SDRSVC - ok
14:58:51.0589 4180        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:58:51.0714 4180        secdrv - ok
14:58:51.0761 4180        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:58:51.0979 4180        seclogon - ok
14:58:52.0010 4180        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
14:58:52.0057 4180        seehcri - ok
14:58:52.0088 4180        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:58:52.0291 4180        SENS - ok
14:58:52.0338 4180        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:58:52.0463 4180        Serenum - ok
14:58:52.0494 4180        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:58:52.0619 4180        Serial - ok
14:58:52.0712 4180        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:58:52.0790 4180        sermouse - ok
14:58:53.0118 4180        ServiceLayer    (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
14:58:53.0227 4180        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
14:58:53.0227 4180        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
14:58:53.0321 4180        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:58:53.0524 4180        SessionEnv - ok
14:58:53.0570 4180        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:58:53.0617 4180        sffdisk - ok
14:58:53.0664 4180        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:58:53.0726 4180        sffp_mmc - ok
14:58:53.0804 4180        sffp_sd        (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:58:53.0867 4180        sffp_sd - ok
14:58:53.0898 4180        sfloppy        (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
14:58:53.0976 4180        sfloppy - ok
14:58:54.0070 4180        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:58:54.0194 4180        SharedAccess - ok
14:58:54.0335 4180        ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
14:58:54.0553 4180        ShellHWDetection - ok
14:58:54.0616 4180        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:58:54.0647 4180        sisagp - ok
14:58:54.0678 4180        SiSGbeLH        (73838461f11fc7daee7922c945b2d74f) C:\Windows\system32\DRIVERS\SiSGB6.sys
14:58:54.0725 4180        SiSGbeLH - ok
14:58:54.0787 4180        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:58:54.0834 4180        SiSRaid2 - ok
14:58:54.0881 4180        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:58:54.0912 4180        SiSRaid4 - ok
14:58:55.0583 4180        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:58:56.0800 4180        slsvc - ok
14:58:57.0049 4180        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:58:57.0252 4180        SLUINotify - ok
14:58:57.0330 4180        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:58:57.0392 4180        Smb - ok
14:58:57.0626 4180        smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
14:58:57.0876 4180        smserial - ok
14:58:57.0954 4180        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:58:58.0126 4180        SNMPTRAP - ok
14:58:58.0438 4180        SNP2UVC        (85da7b2a2f248c8c69d7d0a526342683) C:\Windows\system32\DRIVERS\snp2uvc.sys
14:58:58.0906 4180        SNP2UVC - ok
14:58:59.0233 4180        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:58:59.0264 4180        spldr - ok
14:58:59.0311 4180        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:58:59.0514 4180        Spooler - ok
14:58:59.0608 4180        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:58:59.0670 4180        srv - ok
14:58:59.0748 4180        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:58:59.0810 4180        srv2 - ok
14:58:59.0842 4180        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:58:59.0920 4180        srvnet - ok
14:59:00.0013 4180        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:59:00.0263 4180        SSDPSRV - ok
14:59:00.0294 4180        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:59:00.0481 4180        SstpSvc - ok
14:59:00.0637 4180        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:59:00.0918 4180        stisvc - ok
14:59:00.0965 4180        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:59:00.0996 4180        swenum - ok
14:59:01.0136 4180        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:59:01.0386 4180        swprv - ok
14:59:01.0448 4180        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:59:01.0480 4180        Symc8xx - ok
14:59:01.0558 4180        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:59:01.0589 4180        Sym_hi - ok
14:59:01.0636 4180        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:59:01.0667 4180        Sym_u3 - ok
14:59:01.0792 4180        SynTP          (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
14:59:01.0823 4180        SynTP - ok
14:59:02.0041 4180        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:59:02.0369 4180        SysMain - ok
14:59:02.0416 4180        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:59:02.0634 4180        TabletInputService - ok
14:59:02.0743 4180        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:59:02.0993 4180        TapiSrv - ok
14:59:03.0071 4180        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:59:03.0305 4180        TBS - ok
14:59:03.0523 4180        Tcpip          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
14:59:03.0695 4180        Tcpip - ok
14:59:03.0710 4180        Tcpip6          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
14:59:03.0788 4180        Tcpip6 - ok
14:59:03.0851 4180        tcpipreg        (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
14:59:03.0898 4180        tcpipreg - ok
14:59:03.0944 4180        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:59:04.0007 4180        TDPIPE - ok
14:59:04.0038 4180        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:59:04.0116 4180        TDTCP - ok
14:59:04.0194 4180        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:59:04.0256 4180        tdx - ok
14:59:04.0288 4180        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:59:04.0334 4180        TermDD - ok
14:59:04.0506 4180        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
14:59:04.0724 4180        TermService - ok
14:59:04.0849 4180        Themes          (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
14:59:05.0036 4180        Themes - ok
14:59:05.0068 4180        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:59:05.0208 4180        THREADORDER - ok
14:59:05.0255 4180        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:59:05.0520 4180        TrkWks - ok
14:59:05.0629 4180        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
14:59:05.0738 4180        TrustedInstaller - ok
14:59:05.0801 4180        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:59:05.0894 4180        tssecsrv - ok
14:59:05.0926 4180        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:59:06.0004 4180        tunmp - ok
14:59:06.0050 4180        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:59:06.0113 4180        tunnel - ok
14:59:06.0160 4180        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:59:06.0206 4180        uagp35 - ok
14:59:06.0269 4180        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:59:06.0331 4180        udfs - ok
14:59:06.0394 4180        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:59:06.0628 4180        UI0Detect - ok
14:59:06.0690 4180        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:59:06.0721 4180        uliagpkx - ok
14:59:06.0799 4180        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:59:06.0846 4180        uliahci - ok
14:59:06.0893 4180        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:59:06.0955 4180        UlSata - ok
14:59:07.0049 4180        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:59:07.0096 4180        ulsata2 - ok
14:59:07.0158 4180        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:59:07.0220 4180        umbus - ok
14:59:07.0298 4180        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:59:07.0314 4180        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
14:59:07.0314 4180        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
14:59:07.0423 4180        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:59:07.0657 4180        upnphost - ok
14:59:07.0876 4180        UPnPService    (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
14:59:08.0000 4180        UPnPService ( UnsignedFile.Multi.Generic ) - warning
14:59:08.0000 4180        UPnPService - detected UnsignedFile.Multi.Generic (1)
14:59:08.0078 4180        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:59:08.0141 4180        usbccgp - ok
14:59:08.0203 4180        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:59:08.0344 4180        usbcir - ok
14:59:08.0390 4180        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:59:08.0453 4180        usbehci - ok
14:59:08.0500 4180        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:59:08.0578 4180        usbhub - ok
14:59:08.0593 4180        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:59:08.0671 4180        usbohci - ok
14:59:08.0702 4180        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:59:08.0780 4180        usbprint - ok
14:59:08.0812 4180        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:59:08.0874 4180        usbscan - ok
14:59:08.0952 4180        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:09.0030 4180        USBSTOR - ok
14:59:09.0077 4180        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:59:09.0155 4180        usbuhci - ok
14:59:09.0217 4180        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:59:09.0311 4180        usbvideo - ok
14:59:09.0373 4180        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:59:09.0576 4180        UxSms - ok
14:59:09.0748 4180        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:59:10.0028 4180        vds - ok
14:59:10.0091 4180        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:59:10.0184 4180        vga - ok
14:59:10.0216 4180        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:59:10.0309 4180        VgaSave - ok
14:59:10.0372 4180        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:59:10.0418 4180        viaagp - ok
14:59:10.0434 4180        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:59:10.0512 4180        ViaC7 - ok
14:59:10.0543 4180        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:59:10.0590 4180        viaide - ok
14:59:10.0668 4180        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:59:10.0699 4180        volmgr - ok
14:59:10.0808 4180        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:59:10.0886 4180        volmgrx - ok
14:59:10.0980 4180        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:59:11.0027 4180        volsnap - ok
14:59:11.0105 4180        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:59:11.0152 4180        vsmraid - ok
14:59:11.0386 4180        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:59:11.0729 4180        VSS - ok
14:59:11.0854 4180        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:59:12.0103 4180        W32Time - ok
14:59:12.0197 4180        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:59:12.0322 4180        WacomPen - ok
14:59:12.0368 4180        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:12.0431 4180        Wanarp - ok
14:59:12.0446 4180        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:12.0493 4180        Wanarpv6 - ok
14:59:12.0634 4180        WcesComm        (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
14:59:12.0743 4180        WcesComm - ok
14:59:12.0868 4180        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:59:13.0133 4180        wcncsvc - ok
14:59:13.0180 4180        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:59:13.0429 4180        WcsPlugInService - ok
14:59:13.0492 4180        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:59:13.0538 4180        Wd - ok
14:59:13.0632 4180        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:59:13.0710 4180        Wdf01000 - ok
14:59:13.0757 4180        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:59:14.0006 4180        WdiServiceHost - ok
14:59:14.0006 4180        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:59:14.0225 4180        WdiSystemHost - ok
14:59:14.0318 4180        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:59:14.0521 4180        WebClient - ok
14:59:14.0599 4180        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:59:14.0818 4180        Wecsvc - ok
14:59:14.0864 4180        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:59:15.0083 4180        wercplsupport - ok
14:59:15.0161 4180        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:59:15.0395 4180        WerSvc - ok
14:59:15.0582 4180        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:59:15.0613 4180        WinDefend - ok
14:59:15.0629 4180        WinHttpAutoProxySvc - ok
14:59:15.0754 4180        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:59:16.0331 4180        Winmgmt - ok
14:59:16.0612 4180        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:59:17.0002 4180        WinRM - ok
14:59:17.0142 4180        winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
14:59:17.0220 4180        winusb - ok
14:59:17.0438 4180        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:59:17.0766 4180        Wlansvc - ok
14:59:17.0828 4180        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:59:17.0891 4180        WmiAcpi - ok
14:59:18.0016 4180        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:59:18.0094 4180        wmiApSrv - ok
14:59:18.0343 4180        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:59:18.0468 4180        WMPNetworkSvc - ok
14:59:18.0546 4180        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:59:18.0827 4180        WPCSvc - ok
14:59:18.0936 4180        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:59:19.0201 4180        WPDBusEnum - ok
14:59:19.0279 4180        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:59:19.0326 4180        WpdUsb - ok
14:59:19.0622 4180        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:59:19.0794 4180        WPFFontCache_v0400 - ok
14:59:19.0825 4180        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:59:19.0919 4180        ws2ifsl - ok
14:59:19.0981 4180        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
14:59:20.0200 4180        wscsvc - ok
14:59:20.0200 4180        WSearch - ok
14:59:20.0668 4180        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
14:59:20.0980 4180        wuauserv - ok
14:59:21.0307 4180        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:59:21.0370 4180        WUDFRd - ok
14:59:21.0416 4180        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:59:21.0682 4180        wudfsvc - ok
14:59:21.0713 4180        yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
14:59:21.0900 4180        yukonwlh - ok
14:59:21.0916 4180        ZTEusbmdm6k - ok
14:59:21.0931 4180        ZTEusbnmea - ok
14:59:21.0947 4180        ZTEusbser6k - ok
14:59:21.0994 4180        MBR (0x1B8)    (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
14:59:23.0195 4180        \Device\Harddisk0\DR0 - ok
14:59:23.0226 4180        Boot (0x1200)  (dc5bebaa0836eb57b1151d144e9c2b68) \Device\Harddisk0\DR0\Partition0
14:59:23.0242 4180        \Device\Harddisk0\DR0\Partition0 - ok
14:59:23.0242 4180        Boot (0x1200)  (437b759a6a2848136cef98208b1a2512) \Device\Harddisk0\DR0\Partition1
14:59:23.0257 4180        \Device\Harddisk0\DR0\Partition1 - ok
14:59:23.0257 4180        ============================================================
14:59:23.0257 4180        Scan finished
14:59:23.0257 4180        ============================================================
14:59:23.0288 4520        Detected object count: 13
14:59:23.0288 4520        Actual detected object count: 13
15:03:35.0647 4520        ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0647 4520        ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0663 4520        ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0663 4520        ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0663 4520        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0663 4520        ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0663 4520        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0663 4520        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0663 4520        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0663 4520        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0679 4520        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0679 4520        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0679 4520        MpKsld7381dd8 ( ForgedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520        MpKsld7381dd8 ( ForgedFile.Multi.Generic ) - User select action: Skip
15:03:35.0679 4520        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0694 4520        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0694 4520        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0694 4520        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0694 4520        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0710 4520        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0710 4520        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0710 4520        UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0710 4520        UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:43.0167 5116        Deinitialize success

There is nothing more in the log. :pfui: because I thought so much... was unnecessary.

Best regards
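As an added illustration (not part of the post above and not a TDSSKiller feature), here is a small Python parser for the detection lines of a TDSSKiller log like the one just posted. It groups the listed objects by verdict, separates the generic UnsignedFile.Multi.Generic heuristic (which here fires on unsigned vendor services and drivers such as the ASUS, HP and LightScribe entries) from any other verdict (here the ForgedFile.Multi.Generic hit on MpKsld7381dd8), and checks whether the number of listed objects matches the count the log itself declares, which is the quickest way to see whether a posted log is complete. The excerpt embedded in the block is constructed from the log above and shortened to three objects; the declared count was changed to 3 to match the excerpt.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of the TDSSKiller log posted above
# (three of the thirteen objects; the count was set to 3 to match).
SAMPLE_LOG = """\
14:59:23.0288 4520        Detected object count: 3
14:59:23.0288 4520        Actual detected object count: 3
15:03:35.0647 4520        ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0647 4520        ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:35.0679 4520        MpKsld7381dd8 ( ForgedFile.Multi.Generic ) - skipped by user
15:03:35.0679 4520        MpKsld7381dd8 ( ForgedFile.Multi.Generic ) - User select action: Skip
15:03:35.0710 4520        UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
15:03:35.0710 4520        UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:03:43.0167 5116        Deinitialize success
"""

# timestamp, thread id, then "<name> ( <verdict> ) - <rest of line>"
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<name>.+?) \( (?P<verdict>[\w.]+) \) - (?P<tail>.*)$"
)
ACTION_RE = re.compile(r"User select action: (?P<action>\w+)")
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count: (?P<n>\d+)")

GENERIC_UNSIGNED = "UnsignedFile.Multi.Generic"


def parse_tdsskiller(text):
    """Return (declared_count, {object_name: {"verdict": ..., "action": ...}}).

    Each object produces two lines in the log ("skipped by user" and
    "User select action: ..."); both are folded into one entry.
    """
    declared = None
    objects = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line)
        if m:
            declared = int(m.group("n"))
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # header, footer and "Deinitialize" lines
        entry = objects.setdefault(
            m.group("name"), {"verdict": m.group("verdict"), "action": None}
        )
        a = ACTION_RE.search(m.group("tail"))
        if a:
            entry["action"] = a.group("action")
    return declared, objects


def summarize(objects):
    """Count objects per verdict and list those that are NOT the generic
    unsigned-file heuristic; those are the entries a reviewer looks at first."""
    by_verdict = Counter(v["verdict"] for v in objects.values())
    needs_review = sorted(
        name for name, v in objects.items() if v["verdict"] != GENERIC_UNSIGNED
    )
    return by_verdict, needs_review


def check_complete(declared, objects):
    """True when the log lists as many objects as its own header declares."""
    return declared is not None and declared == len(objects)


if __name__ == "__main__":
    declared, objs = parse_tdsskiller(SAMPLE_LOG)
    by_verdict, review = summarize(objs)
    print("declared:", declared, "listed:", len(objs), "complete:", check_complete(declared, objs))
    print("per verdict:", dict(by_verdict))
    print("review first:", review)
```

Run against the full log above, the same code reports 13 declared and 13 listed, so that part of the log is complete; the only non-generic verdict is the MpKsld7381dd8 entry, and the later ComboFix log on this page lists files of that name pattern under the Microsoft Antimalware definition-update folder.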

cosinus 06.08.2012 12:25

Quote:

because I thought so much... was unnecessary.
Please just post the logs in full!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Run combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a board helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Vronile 06.08.2012 14:24

:confused: sorry, I think you misunderstood that... I meant that TDSS-Killer found so much (and in my understanding that is not a good thing) and that's why :pfui: !
I am really very grateful that you are helping me.

Combofix Logfile:
Code:

ComboFix 12-08-05.02 - Vroni 06.08.2012  16:18:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.43.1031.18.3071.1952 [GMT 2:00]
ausgeführt von:: c:\users\Vroni\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\programdata\vhxukcdgwtaesys
c:\users\Vroni\AppData\Roaming\602024875.log
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2012-08-06 14:32 . 2012-08-06 14:32        --------        d-----w-        c:\users\Vroni\AppData\Local\temp
2012-08-06 14:32 . 2012-08-06 14:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-06 13:11 . 2012-08-06 13:11        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6235D29E-3F02-4316-BBDB-A31613DC0523}\MpKsl9111d226.sys
2012-08-05 14:31 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6235D29E-3F02-4316-BBDB-A31613DC0523}\mpengine.dll
2012-08-03 13:04 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 04:46 . 2012-08-02 04:46        --------        d-----w-        C:\_OTL
2012-07-26 17:42 . 2012-07-26 17:42        --------        d-----w-        c:\users\Vroni\AppData\Local\Macromedia
2012-07-26 17:41 . 2012-07-26 17:41        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-25 11:38 . 2012-07-25 11:38        --------        d-----w-        c:\program files\ESET
2012-07-23 20:29 . 2012-07-23 20:29        --------        d-----w-        c:\users\Vroni\AppData\Roaming\Malwarebytes
2012-07-23 20:28 . 2012-07-23 20:28        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-23 20:28 . 2012-08-06 14:15        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-22 17:58 . 2012-07-22 17:58        --------        d-----w-        c:\users\Vroni\AppData\Local\Apple
2012-07-22 15:10 . 2012-07-22 18:13        --------        d-----w-        c:\users\Vroni\AppData\Roaming\GlarySoft
2012-07-22 13:19 . 2012-07-22 13:19        --------        d-----w-        c:\users\Vroni\{6ea777ac-cad2-4119-adb1-f85e1458b3ec}
2012-07-20 12:34 . 2012-07-25 09:49        --------        d-----w-        c:\programdata\olbdvxfbegvdtbk
2012-07-12 06:13 . 2012-06-13 13:40        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 06:46 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:46 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 06:46 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 06:45 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:45 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 06:45 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 04:48 . 2008-10-31 20:56        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-07-26 17:41 . 2011-08-19 12:00        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 06:10        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:10        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 06:09        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 06:09        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 06:10        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 06:10        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 06:09        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 06:09        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 06:09        33792        ----a-w-        c:\windows\system32\wuapp.exe
2008-07-02 02:28 . 2008-07-02 02:28        61440        ----a-w-        c:\program files\Common Files\CPInstallAction.dll
2012-07-19 13:01 . 2012-03-22 20:37        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"Microsoft Security Client User Interface"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=d:\hp software update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="D:\iTunesHelper.exe"
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe
"ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL9111D226
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 08:21]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 08:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.33.55.5 212.33.32.160
FF - ProfilePath - c:\users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.at
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-06 16:32
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{33420e29-6319-49a4-b419-f73ef867e746}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001e8c
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{43b3a21d-ad89-4897-b996-0be9e8d7f5fd}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b285989a-b40e-43b1-848e-ffaf486cd157}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11002243
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{db5d69ae-4b8e-4b8f-8b1a-9ed28c96f23c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d002354
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-06  16:37:28
ComboFix-quarantined-files.txt  2012-08-06 14:37
.
Vor Suchlauf: 7 Verzeichnis(se), 98.150.203.392 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 99.097.653.248 Bytes frei
.
- - End Of File - - BD0E13C5B2233CD3AF3C8A391F0957FB

--- --- ---

cosinus 06.08.2012 20:13

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Note: If you have obscured your user name, you must change the asterisked part back to your real user name, otherwise the script will not work!!

Code:

Folder::
c:\programdata\olbdvxfbegvdtbk

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!

Vronile 06.08.2012 21:28

Combofix Logfile:
Code:

ComboFix 12-08-05.02 - Vroni 06.08.2012  22:10:45.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.43.1031.18.3071.1931 [GMT 2:00]
ausgeführt von:: c:\users\Vroni\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Vroni\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\olbdvxfbegvdtbk
c:\programdata\olbdvxfbegvdtbk\at-flag.png
c:\programdata\olbdvxfbegvdtbk\at-image.png
c:\programdata\olbdvxfbegvdtbk\btn-green.png
c:\programdata\olbdvxfbegvdtbk\corners-btn.png
c:\programdata\olbdvxfbegvdtbk\corners1.png
c:\programdata\olbdvxfbegvdtbk\corners2.png
c:\programdata\olbdvxfbegvdtbk\corners3.png
c:\programdata\olbdvxfbegvdtbk\corners4.png
c:\programdata\olbdvxfbegvdtbk\ie6-7.css
c:\programdata\olbdvxfbegvdtbk\jquery.main.js
c:\programdata\olbdvxfbegvdtbk\McAfee.png
c:\programdata\olbdvxfbegvdtbk\pay17.png
c:\programdata\olbdvxfbegvdtbk\steps-de.png
c:\programdata\olbdvxfbegvdtbk\steps-en.png
c:\programdata\olbdvxfbegvdtbk\style.css
c:\programdata\olbdvxfbegvdtbk\tabs.png
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))
.
.
2012-08-06 20:21 . 2012-08-06 20:22        --------        d-----w-        c:\users\Vroni\AppData\Local\temp
2012-08-06 20:21 . 2012-08-06 20:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-06 15:04 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92AFA062-D30C-4405-B247-5621E6EC1007}\mpengine.dll
2012-08-06 14:41 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 04:46 . 2012-08-02 04:46        --------        d-----w-        C:\_OTL
2012-07-26 17:42 . 2012-07-26 17:42        --------        d-----w-        c:\users\Vroni\AppData\Local\Macromedia
2012-07-26 17:41 . 2012-07-26 17:41        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-25 11:38 . 2012-07-25 11:38        --------        d-----w-        c:\program files\ESET
2012-07-23 20:29 . 2012-07-23 20:29        --------        d-----w-        c:\users\Vroni\AppData\Roaming\Malwarebytes
2012-07-23 20:28 . 2012-07-23 20:28        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-22 17:58 . 2012-07-22 17:58        --------        d-----w-        c:\users\Vroni\AppData\Local\Apple
2012-07-22 15:10 . 2012-07-22 18:13        --------        d-----w-        c:\users\Vroni\AppData\Roaming\GlarySoft
2012-07-22 13:19 . 2012-07-22 13:19        --------        d-----w-        c:\users\Vroni\{6ea777ac-cad2-4119-adb1-f85e1458b3ec}
2012-07-12 06:13 . 2012-06-13 13:40        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 06:46 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:46 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 06:46 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 06:45 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:45 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 06:45 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 04:48 . 2008-10-31 20:56        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-07-26 17:41 . 2011-08-19 12:00        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 06:10        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:10        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 06:09        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 06:09        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 06:10        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 06:10        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 06:09        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 06:09        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 06:09        33792        ----a-w-        c:\windows\system32\wuapp.exe
2008-07-02 02:28 . 2008-07-02 02:28        61440        ----a-w-        c:\program files\Common Files\CPInstallAction.dll
2012-07-19 13:01 . 2012-03-22 20:37        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"Microsoft Security Client User Interface"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
c:\users\Vroni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=d:\hp software update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="D:\iTunesHelper.exe"
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe
"ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLE1915210
*NewlyCreated* - WS2IFSL
*Deregistered* - MpKsle1915210
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 08:21]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 08:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Vroni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.33.55.5 212.33.32.160
FF - ProfilePath - c:\users\Vroni\AppData\Roaming\Mozilla\Firefox\Profiles\n6gbonvb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.at
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-06 22:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-06  22:26:00
ComboFix-quarantined-files.txt  2012-08-06 20:25
ComboFix2.txt  2012-08-06 14:37
.
Before scan: 12 directory(ies), 97.084.891.136 bytes free
After scan: 13 directory(ies), 97.059.381.248 bytes free
.
- - End Of File - - 8B1BF5870BF36AC8697FD65430904B9B

--- --- ---
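The "Locked registry keys" block in the ComboFix log above lists keys whose DACL denies Users and Everyone while allowing S-1-5-20 (NT AUTHORITY\NETWORK SERVICE). Entries under the modem setup class {4D36E96D-E325-11CE-BFC1-08002BE10318} that carry only BlindDial are routinely seen on clean Vista systems; the reason ComboFix prints the section at all is that the same access-denied trick is used to hide malicious autostart keys from the user and from tools running in their context. As an added example (not part of the thread and not ComboFix's own code), the following Python parses that section and applies a simple triage rule. The sample input is constructed in the shape of the log above; its second key is hypothetical, and the "expected" rule is this example's own assumption, not a ComboFix rule.

```python
"""Parse ComboFix's "Locked registry keys" section and triage the entries.

Added example, not ComboFix's own code. SAMPLE_LOG is constructed in the shape of
the log in the thread; the second key in it is hypothetical.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r"""
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Hypothetical]
@Denied: (A) (Everyone)
"Run"="C:\\Example\\x.exe"
.
Completion time: 2012-08-06  22:26:00
"""

# Modem setup class GUID; the AllUserSettings keys under it are locked by Windows itself.
MODEM_CLASS_GUID = "{4D36E96D-E325-11CE-BFC1-08002BE10318}"
WELL_KNOWN_SIDS = {"S-1-5-20": r"NT AUTHORITY\NETWORK SERVICE"}

KEY_RE = re.compile(r"^\[(.+)\]$")
ACE_RE = re.compile(r"^@(Denied|Allowed):\s*\(([^)]*)\)\s*\((.+)\)$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
SECTION_HEADERS = ("Locked registry keys", "Gesperrte Registrierungsschluessel")
END_MARKERS = ("Completion time", "Zeit der Fertigstellung")


def parse_locked_keys(text: str) -> List[Dict]:
    """Return one dict per key: path, deny/allow ACEs (rights kept as ComboFix's raw
    tokens, principal mapped through WELL_KNOWN_SIDS) and the values listed under it."""
    entries: List[Dict] = []
    current = None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if any(h in line for h in SECTION_HEADERS):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith(END_MARKERS):
            break
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group(1), "denied": [], "allowed": [], "values": {}}
            entries.append(current)
            continue
        if current is None:
            continue
        m = ACE_RE.match(line)
        if m:
            kind, rights, principal = m.groups()
            ace = {"rights": rights.split(), "principal": WELL_KNOWN_SIDS.get(principal, principal)}
            current["denied" if kind == "Denied" else "allowed"].append(ace)
            continue
        m = VALUE_RE.match(line)
        if m:
            current["values"][m.group(1)] = m.group(2)
    return entries


def flag_unexpected(entries: List[Dict]) -> List[str]:
    """Heuristic (this example's own): a key that denies Everyone is treated as expected
    only when it is a modem-class AllUserSettings key holding nothing but BlindDial."""
    flagged = []
    for e in entries:
        denies_everyone = any(a["principal"] == "Everyone" for a in e["denied"])
        expected = (MODEM_CLASS_GUID in e["key"]
                    and e["key"].endswith(r"\AllUserSettings")
                    and set(e["values"]) <= {"BlindDial"})
        if denies_everyone and not expected:
            flagged.append(e["key"])
    return flagged


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_LOG)
    for e in parsed:
        print(e["key"], "denied:", [a["principal"] for a in e["denied"]], "values:", list(e["values"]))
    print("flagged:", flag_unexpected(parsed))
```

Run against a real log, the modem entries drop out and anything else that denies Everyone is listed for manual review; a flagged key is not proof of infection, only a reason to look at what is stored under it and which process owns the allow ACE.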

cosinus 07.08.2012 20:48

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click it and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose (none) under AV Scan.

Another note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan", and click the Scan button again.

Vronile 09.08.2012 17:05

Hello,

somehow this doesn't work for me at all.
I can't download GMER, because the link always brings up an empty page with an error.
And when I download OSAM, the PC shows it to me as a media file, and nothing can be extracted from it?!
Sorry, I've tried it a few times.

Regards, Vroni :heulen:

cosinus 10.08.2012 19:42

Take the archive from gmer => http://www2.gmer.net/gmer.zip
Download, unpack, run

Same with OSAM => download it, no matter what file type Windows thinks it has to recognize it as => right-click => 7zip => extract to "osam-portable....."


Copyright ©2000-2025, Trojaner-Board