Trojaner-Board

Trojans & Roo/Tdds fought unsuccessfully? (https://www.trojaner-board.de/103577-trojaner-roo-tdds-erfolglos-bekaempft.html)

cosinus 24.09.2011 13:53

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the image below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

stanomaly 24.09.2011 14:03

The tool somehow looks different from last time and from the screenshot. Here is the report:

Code:

14:59:18.0586 3316        TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
14:59:18.0975 3316        ============================================================
14:59:18.0975 3316        Current date / time: 2011/09/24 14:59:18.0975
14:59:18.0975 3316        SystemInfo:
14:59:18.0975 3316       
14:59:18.0975 3316        OS Version: 6.0.6002 ServicePack: 2.0
14:59:18.0975 3316        Product type: Workstation
14:59:18.0975 3316        ComputerName: XB-PC
14:59:18.0976 3316        UserName: XB
14:59:18.0976 3316        Windows directory: C:\Windows
14:59:18.0976 3316        System windows directory: C:\Windows
14:59:18.0976 3316        Processor architecture: Intel x86
14:59:18.0976 3316        Number of processors: 2
14:59:18.0976 3316        Page size: 0x1000
14:59:18.0976 3316        Boot type: Normal boot
14:59:18.0976 3316        ============================================================
14:59:19.0511 3316        Initialize success
14:59:39.0540 3444        ============================================================
14:59:39.0540 3444        Scan started
14:59:39.0541 3444        Mode: Manual;
14:59:39.0541 3444        ============================================================
14:59:50.0638 3444        SiSRaid4 - ok
14:59:50.0748 3444        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:59:50.0750 3444        Smb - ok
14:59:50.0787 3444        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:59:50.0789 3444        spldr - ok
14:59:50.0871 3444        sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
14:59:50.0871 3444        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
14:59:50.0874 3444        sptd ( LockedFile.Multi.Generic ) - warning
14:59:50.0874 3444        sptd - detected LockedFile.Multi.Generic (1)
14:59:50.0952 3444        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:59:50.0957 3444        srv - ok
14:59:51.0036 3444        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:59:51.0039 3444        srv2 - ok
14:59:51.0083 3444        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:59:51.0085 3444        srvnet - ok
14:59:51.0147 3444        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:59:51.0148 3444        ssmdrv - ok
14:59:51.0210 3444        SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
14:59:51.0211 3444        SSPORT - ok
14:59:51.0271 3444        ss_bus          (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\Windows\system32\DRIVERS\ss_bus.sys
14:59:51.0273 3444        ss_bus - ok
14:59:51.0328 3444        ss_mdfl        (f0a85580e36a3a85059037d39a9cf079) C:\Windows\system32\DRIVERS\ss_mdfl.sys
14:59:51.0329 3444        ss_mdfl - ok
14:59:51.0378 3444        ss_mdm          (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\Windows\system32\DRIVERS\ss_mdm.sys
14:59:51.0381 3444        ss_mdm - ok
14:59:51.0474 3444        StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
14:59:51.0475 3444        StarOpen - ok
14:59:51.0520 3444        STHDA          (805b1fc7e25613ce2dc93c0759d0aa30) C:\Windows\system32\DRIVERS\stwrt.sys
14:59:51.0526 3444        STHDA - ok
14:59:51.0581 3444        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:59:51.0582 3444        swenum - ok
14:59:51.0633 3444        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:59:51.0634 3444        Symc8xx - ok
14:59:51.0675 3444        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:59:51.0677 3444        Sym_hi - ok
14:59:51.0725 3444        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:59:51.0727 3444        Sym_u3 - ok
14:59:51.0865 3444        Tcpip          (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
14:59:51.0877 3444        Tcpip - ok
14:59:51.0931 3444        Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
14:59:51.0944 3444        Tcpip6 - ok
14:59:51.0989 3444        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:59:51.0991 3444        tcpipreg - ok
14:59:52.0033 3444        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:59:52.0034 3444        TDPIPE - ok
14:59:52.0068 3444        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:59:52.0070 3444        TDTCP - ok
14:59:52.0127 3444        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:59:52.0129 3444        tdx - ok
14:59:52.0168 3444        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:59:52.0170 3444        TermDD - ok
14:59:52.0252 3444        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:59:52.0254 3444        tssecsrv - ok
14:59:52.0291 3444        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:59:52.0293 3444        tunmp - ok
14:59:52.0365 3444        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:59:52.0366 3444        tunnel - ok
14:59:52.0405 3444        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:59:52.0407 3444        uagp35 - ok
14:59:52.0471 3444        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:59:52.0475 3444        udfs - ok
14:59:52.0519 3444        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:59:52.0521 3444        uliagpkx - ok
14:59:52.0561 3444        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:59:52.0565 3444        uliahci - ok
14:59:52.0613 3444        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:59:52.0616 3444        UlSata - ok
14:59:52.0672 3444        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:59:52.0674 3444        ulsata2 - ok
14:59:52.0725 3444        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:59:52.0727 3444        umbus - ok
14:59:52.0831 3444        UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
14:59:52.0832 3444        UnlockerDriver5 - ok
14:59:52.0907 3444        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:59:52.0909 3444        usbccgp - ok
14:59:52.0940 3444        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:59:52.0942 3444        usbcir - ok
14:59:52.0980 3444        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:59:52.0982 3444        usbehci - ok
14:59:53.0016 3444        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:59:53.0019 3444        usbhub - ok
14:59:53.0058 3444        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:59:53.0059 3444        usbohci - ok
14:59:53.0102 3444        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:59:53.0103 3444        usbprint - ok
14:59:53.0160 3444        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:59:53.0162 3444        usbscan - ok
14:59:53.0215 3444        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:53.0217 3444        USBSTOR - ok
14:59:53.0278 3444        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:59:53.0280 3444        usbuhci - ok
14:59:53.0318 3444        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:59:53.0320 3444        vga - ok
14:59:53.0348 3444        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:59:53.0350 3444        VgaSave - ok
14:59:53.0385 3444        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:59:53.0387 3444        viaagp - ok
14:59:53.0419 3444        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:59:53.0420 3444        ViaC7 - ok
14:59:53.0459 3444        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:59:53.0461 3444        viaide - ok
14:59:53.0481 3444        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:59:53.0483 3444        volmgr - ok
14:59:53.0547 3444        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:59:53.0552 3444        volmgrx - ok
14:59:53.0621 3444        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:59:53.0626 3444        volsnap - ok
14:59:53.0668 3444        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:59:53.0671 3444        vsmraid - ok
14:59:53.0713 3444        VSTHWBS2        (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
14:59:53.0717 3444        VSTHWBS2 - ok
14:59:53.0790 3444        VST_DPV        (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:59:53.0804 3444        VST_DPV - ok
14:59:53.0860 3444        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:59:53.0861 3444        WacomPen - ok
14:59:53.0895 3444        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:53.0898 3444        Wanarp - ok
14:59:53.0907 3444        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:59:53.0910 3444        Wanarpv6 - ok
14:59:53.0957 3444        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:59:53.0959 3444        Wd - ok
14:59:54.0005 3444        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:59:54.0013 3444        Wdf01000 - ok
14:59:54.0107 3444        winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:59:54.0116 3444        winachsf - ok
14:59:54.0197 3444        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:59:54.0199 3444        WmiAcpi - ok
14:59:54.0258 3444        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:59:54.0260 3444        ws2ifsl - ok
14:59:54.0312 3444        WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:59:54.0313 3444        WSDPrintDevice - ok
14:59:54.0367 3444        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:59:54.0369 3444        WUDFRd - ok
14:59:54.0422 3444        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:59:54.0443 3444        \Device\Harddisk0\DR0 - ok
14:59:54.0459 3444        Boot (0x1200)  (2045b22ae7a0c980add1b4130b40a01d) \Device\Harddisk0\DR0\Partition0
14:59:54.0461 3444        \Device\Harddisk0\DR0\Partition0 - ok
14:59:54.0467 3444        Boot (0x1200)  (84e7f347abbc3880d37553383eca1bd2) \Device\Harddisk0\DR0\Partition1
14:59:54.0468 3444        \Device\Harddisk0\DR0\Partition1 - ok
14:59:54.0473 3444        ============================================================
14:59:54.0473 3444        Scan finished
14:59:54.0473 3444        ============================================================
14:59:54.0490 3440        Detected object count: 1
14:59:54.0491 3440        Actual detected object count: 1
15:00:03.0126 3440        sptd ( LockedFile.Multi.Generic ) - skipped by user
15:00:03.0126 3440        sptd ( LockedFile.Multi.Generic ) - User select action: Skip


cosinus 24.09.2011 14:55

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a Kompetenzler (a forum helper) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

stanomaly 24.09.2011 15:57

So, ComboFix is done too:

Code:

ComboFix 11-09-24.01 - XB 24.09.2011  16:38:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3581.2688 [GMT 2:00]
ausgeführt von:: c:\users\XB\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\windows\IsUn0407.exe
c:\windows\system32\srcr.dat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-08-24 bis 2011-09-24  ))))))))))))))))))))))))))))))
.
.
2011-09-24 12:49 . 2011-09-24 12:49        1449114        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2011-09-24 12:13 . 2011-09-24 12:13        --------        d-----w-        C:\_OTL
2011-09-22 16:28 . 2011-09-22 16:28        --------        d-----w-        c:\program files\MozBackup
2011-09-22 15:13 . 2011-09-22 15:13        --------        d-----w-        c:\program files\ESET
2011-09-21 18:07 . 2011-09-21 18:07        --------        d-----w-        c:\users\XB\AppData\Roaming\Malwarebytes
2011-09-21 18:07 . 2011-09-21 18:07        --------        d-----w-        c:\programdata\Malwarebytes
2011-09-21 18:07 . 2011-09-21 18:07        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-09-21 18:07 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-09-21 18:01 . 2011-09-21 18:01        --------        d-----w-        C:\TDSSKiller_Quarantine
2011-09-21 17:21 . 2011-09-21 17:21        --------        d--h--r-        c:\users\XB\AppData\Roaming\SecuROM
2011-09-21 07:34 . 2011-09-21 07:34        102400        ----a-w-        c:\windows\RegBootClean.exe
2011-09-21 07:27 . 2011-06-21 04:09        200976        ----a-w-        c:\windows\system32\drivers\tmcomm.sys
2011-09-20 21:52 . 2011-09-20 21:52        --------        d-----w-        c:\program files\Sophos
2011-09-20 21:38 . 2011-09-20 21:38        --------        d-----w-        c:\program files\Avira
2011-09-20 14:34 . 2011-09-20 14:34        23624        ---ha-w-        c:\windows\system32\drivers\hitmanpro35.sys
2011-09-20 14:33 . 2011-09-20 14:34        --------        d--h--w-        c:\programdata\Hitman Pro
2011-09-17 10:58 . 2011-09-21 15:16        --------        d-----w-        c:\program files\Common Files\Steam
2011-09-17 10:57 . 2011-09-23 15:56        --------        d-----w-        c:\program files\Steam
2011-09-16 16:44 . 2011-08-12 02:44        7152464        ---ha-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A79BDD4-5B48-4037-B143-09A7752CAB9A}\mpengine.dll
2011-09-05 17:04 . 2011-09-05 17:04        183696        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04        183696        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-20 13:04 . 2011-05-17 16:02        404640        ---ha-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-11 13:25 . 2011-08-25 08:00        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-15 16:07        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 06:35 . 2010-04-02 16:44        101720        ---ha-w-        c:\windows\system32\drivers\SBREDrv.sys
2009-04-24 15:01 . 2009-04-24 15:01        9819136        ----a-w-        c:\program files\openofficeorg31.msi
2008-09-30 15:48 . 2008-09-30 15:48        9776640        ----a-w-        c:\program files\openofficeorg30.msi
2002-03-11 09:06 . 2002-03-11 09:06        1822520        ----a-w-        c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45        1708856        ----a-w-        c:\program files\instmsia.exe
2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-09-07 16:26 . 2011-05-31 18:20        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33        2515552        ----a-w-        c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\XB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\XB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\XB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\XB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-15 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\XB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XB\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-10 12:56        10536        ----a-w-        c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate1c9857b8b2f9105;Google Update Service (gupdate1c9857b8b2f9105);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-03-11 29736]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A479.tmp [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-09-14 717296]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-26 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-29 5120]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-14 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-03-11 149208]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-03-11 277624]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 23518345
*NewlyCreated* - 23525287
*Deregistered* - 23518345
*Deregistered* - 23525287
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-21 13:40]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 21:16]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 21:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4080910
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\XB\AppData\Roaming\Mozilla\Firefox\Profiles\aou9vsu3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
SafeBoot-97776012.sys
AddRemove-ZoomBrowserEXDeInstall - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-24 16:48
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A479.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3073598487-600519957-3315168187-1000\Software\SecuROM\License information*]
"datasecu"=hex:df,02,08,42,5e,02,73,d7,af,a0,0a,af,4b,ca,2b,8a,08,dd,c0,00,6b,
  1d,35,46,f0,d3,ce,90,b4,da,c9,1a,62,37,ec,5a,41,df,48,dd,67,de,e6,bd,32,f0,\
"rkeysecu"=hex:e7,3c,94,71,5b,91,c2,a5,ca,5e,4c,73,5a,01,a9,c9
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-09-24  16:52:23
ComboFix-quarantined-files.txt  2011-09-24 14:52
.
Vor Suchlauf: 7 Verzeichnis(se), 149.965.443.072 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 149.924.421.632 Bytes frei
.
- - End Of File - - 55C32AF2AA78F21DA54A33ACD1CC949D


cosinus 24.09.2011 16:30

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run even on the 2nd try, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


stanomaly 24.09.2011 18:43

Here is the GMER log. The program didn't hang, but at some point the message "The scan was stopped." appeared. Whether that means the scan finished, I don't know.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-24 19:39:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gotcuqfr.exe; Driver: C:\Users\XB\AppData\Local\Temp\pxldipoc.sys


---- System - GMER 1.0.15 ----

INT 0x52        ?                                                                                                                    B16F72D0
INT 0x62        ?                                                                                                                    B16F7050
INT 0x71        ?                                                                                                                    B38A27D0
INT 0x72        ?                                                                                                                    B16F7550
INT 0x81        ?                                                                                                                    B38A2CD0
INT 0x82        ?                                                                                                                    B38A57D0
INT 0x91        ?                                                                                                                    B38A2A50
INT 0xA0        ?                                                                                                                    B38A22D0
INT 0xA2        ?                                                                                                                    B16F7A50
INT 0xB0        ?                                                                                                                    B38AA7D0
INT 0xB1        ?                                                                                                                    B16F7CD0

---- Kernel code sections - GMER 1.0.15 ----

?              System32\Drivers\spkt.sys                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0xBB60A000, 0x213FE7, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                BBF7441B 5 Bytes  JMP B338D4E0
.text          ai04huq0.SYS                                                                                                        BC20F000 22 Bytes  [82, 73, DC, E2, 6C, 72, DC, ...]
.text          ai04huq0.SYS                                                                                                        BC20F017 137 Bytes  [00, 32, B7, 99, B7, 3D, B5, ...]
.text          ai04huq0.SYS                                                                                                        BC20F0A1 43 Bytes  [F0, AA, E2, 74, E6, A4, E2, ...]
.text          ai04huq0.SYS                                                                                                        BC20F0CE 10 Bytes  [00, 00, 00, 00, 00, 00, 66, ...]
.text          ai04huq0.SYS                                                                                                        BC20F0DA 12 Bytes  [00, 00, 02, 00, 00, 00, 25, ...]
.text          ...                                                                                                                 
?              system32\DRIVERS\avgntflt.sys                                                                                        Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xCDAED300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xCDBC0300, 0x1B7E, 0xE8000020]
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
?              C:\Users\XB\AppData\Local\Temp\catchme.sys                                                                          Das System kann die angegebene Datei nicht finden. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B78A2048] \SystemRoot\System32\Drivers\spkt.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              B16AE1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                        B3D2A4D0
Device          \Driver\volmgr \Device\VolMgrControl                                                                                B0D181F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    B33C01F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    B33C01F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    B33CA1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    B33C01F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    B33C01F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    B33C01F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                                    B33CA1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              B0D181F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              B0D181F8
Device          \Driver\cdrom \Device\CdRom0                                                                                        B33CE1F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [B7AB88E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  prosync1.sys (StarForce Protection Synchronization Driver/StarForce Technologies, Inc.)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                        [B7AB88E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                        prosync1.sys (StarForce Protection Synchronization Driver/StarForce Technologies, Inc.)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                        [B7AB88E0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                        prosync1.sys (StarForce Protection Synchronization Driver/StarForce Technologies, Inc.)
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              B0D181F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        B33CE1F8
Device          \Driver\prohlp02 \Device\ProHlp02                                                                                    BA246A08
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              B08CC500
Device          \Driver\netbt \Device\NetBT_Tcpip_{1D4AA4CE-FA5C-4D1D-8845-B69DCC52D969}                                            B08CC500
Device          \Driver\Smb \Device\NetbiosSmb                                                                                      B3CB41F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{AAEF5F1E-EDBC-4AE0-9A9A-3EA018D664A2}                                            B08CC500
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  B383B1F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    B33C01F8
Device          \Driver\PCI_PNP6872 \Device\0000006d                                                                                spkt.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    B33C01F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    B33CA1F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    B33C01F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    B33C01F8
Device          \Driver\sptd \Device\1839898909                                                                                      spkt.sys
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    B33C01F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                                    B33CA1F8
Device          \Driver\ai04huq0 \Device\Scsi\ai04huq01Port2Path0Target0Lun0                                                        B33C21F8
Device          \Driver\ai04huq0 \Device\Scsi\ai04huq01                                                                              B33C21F8
Device          \FileSystem\fastfat \Fat                                                                                            B3D2A4D0

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                              B0E6B1F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe1be032d                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x20 0x7D 0xF4 0xD8 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x24 0xEE 0x66 0x3F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x07 0xF0 0xE1 0xE1 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001fe1be032d (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x20 0x7D 0xF4 0xD8 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x24 0xEE 0x66 0x3F ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x07 0xF0 0xE1 0xE1 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001fe1be032d (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x20 0x7D 0xF4 0xD8 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x24 0xEE 0x66 0x3F ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x07 0xF0 0xE1 0xE1 ...

---- EOF - GMER 1.0.15 ----

The OSAM scan follows.

stanomaly 24.09.2011 18:54

Here is OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:52:48 on 24.09.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 6.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"Nero BurnRights" - ? - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ai04huq0" (ai04huq0) - "Microsoft Corporation" - C:\Windows\system32\drivers\ai04huq0.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - ? - C:\Windows\System32\DRIVERS\avgntflt.sys  (File not found)
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"catchme" (catchme) - ? - C:\Users\XB\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\A479.tmp  (File not found)
"pxldipoc" (pxldipoc) - ? - C:\Users\XB\AppData\Local\Temp\pxldipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "StarForce Technologies, Inc." - C:\Windows\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "StarForce Technologies, Inc." - C:\Windows\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "StarForce Technologies, Inc." - C:\Windows\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "StarForce Technologies, Inc." - C:\Windows\System32\drivers\prosync1.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows Mail 7" - ? - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE  (File not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{5A7B2149-7840-4531-B7B4-58F0F1CB0A6E} "IMAPIShlXt Class" - "Dell Inc" - C:\Windows\IMAPIShellExt.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - ? - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll  (File not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Program Files\Vuze_Remote\tbVuze.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Program Files\Vuze_Remote\tbVuze.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
{ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Program Files\Vuze_Remote\tbVuze.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{ba14329e-9550-4989-b3f2-9732e92d17cc} "Vuze Remote Toolbar" - "Conduit Ltd." - C:\Program Files\Vuze_Remote\tbVuze.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\XB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\XB\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe  (File not found)
"Dock Login Service" (DockLoginService) - "Stardock Corporation" - C:\Program Files\Dell\DellDock\DockLogin.exe
"Google Update Service (gupdate1c9857b8b2f9105)" (gupdate1c9857b8b2f9105) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - ? - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter  (File not found)

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
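
As an added example for the GMER and OSAM logs in this thread (constructed for this page, not code from the forum post or from either tool), the following Python script pulls out the entries the two scanners themselves mark as hidden, locked, hooked or redirected, and then cross-references the OSAM service keys flagged as hidden against the GMER output. The sample log lines are trimmed copies of the lines posted above; the flag strings in `_OSAM_FLAGS` are taken verbatim from the OSAM output; the function names, the `Finding` class and the reason wording are my own assumptions. A flagged entry is not automatically malicious: several of the drivers the logs flag belong to disc-emulation and copy-protection software that the same logs attribute to their vendors, so the output is a reading order for the helper, not a verdict.

```python
"""Triage helper for GMER and OSAM output of the kind posted in this thread.

Constructed example, not code from the forum post or from either tool: it
surfaces the entries the scanners themselves flag and cross-references the
two logs, so a helper reviewing a pile of scan output reads those lines first.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Finding:
    source: str                              # "osam" or "gmer"
    item: str                                # service key or GMER object
    detail: str                              # path, hook target or value column
    reasons: list = field(default_factory=list)


# OSAM entry layout: "Display name" (ServiceKey) - "Vendor" or ? - path  (flags)
_OSAM_ENTRY = re.compile(
    r'^"(?P<name>[^"]*)" \((?P<key>[^)]*)\) - (?P<vendor>"[^"]*"|\?) - '
    r'(?P<path>.*?)(?:\s{2,}\((?P<flags>[^)]*)\))?\s*$'
)
# Flag strings exactly as OSAM prints them, mapped to their triage meaning.
_OSAM_FLAGS = {
    "Hidden registry entry, rootkit activity": "hidden from the registry API",
    "File is exclusively opened, access blocked": "file locked against reading",
    "File not found": "registry entry without a file on disk",
}
# "---- Kernel code sections - GMER 1.0.15 ----" and similar section headers.
_GMER_HEADER = re.compile(r"^---- (?P<section>.+?) - GMER ")


def parse_osam_drivers(text):
    """Return a Finding for each OSAM entry carrying at least one flag from
    _OSAM_FLAGS; entries with a vendor and a readable file are skipped."""
    findings = []
    for line in text.splitlines():
        m = _OSAM_ENTRY.match(line)
        if not m or not m.group("flags"):
            continue
        reasons = [_OSAM_FLAGS[f] for f in m.group("flags").split(" | ")
                   if f in _OSAM_FLAGS]
        if reasons:
            findings.append(Finding("osam", m.group("key"), m.group("path"), reasons))
    return findings


def parse_gmer(text):
    """Walk the GMER sections (columns separated by runs of spaces) and flag
    objects GMER could not read, whose value column hands off to a driver
    module, contains an inline JMP, or marks a writeable code section."""
    findings, section = [], None
    for line in text.splitlines():
        h = _GMER_HEADER.match(line)
        if h:
            section = h.group("section")
            continue
        cols = re.split(r"\s{2,}", line.strip())
        if section is None or len(cols) < 3:
            continue
        kind, obj, value = cols[0], cols[1], " ".join(cols[2:])
        reasons = []
        if kind == "?":                      # GMER prints ? when it cannot open the file
            reasons.append("module file could not be opened for reading")
        mod = re.search(r"[\w.-]+\.sys\b", value, re.IGNORECASE)
        if mod:
            reasons.append(f"handled by {mod.group(0)}")
        if re.search(r"\bJMP\b", value):
            reasons.append("inline JMP hook")
        if "section is writeable" in value:
            reasons.append("writeable code section")
        if reasons:
            findings.append(Finding("gmer", f"{section}: {kind} {obj}", value, reasons))
    return findings


def cross_reference(osam_findings, gmer_text):
    """For each service key OSAM reports as hidden, count GMER lines naming the
    same driver: a hidden key whose driver also appears in kernel code sections
    or device stacks is the combination to review first."""
    lines = gmer_text.lower().splitlines()
    return {f.item: sum(f.item.lower() in ln for ln in lines)
            for f in osam_findings if "hidden from the registry API" in f.reasons}


# Sample lines constructed from the logs in this thread (trimmed; columns
# kept separated by at least two spaces, as the tools print them).
OSAM_SAMPLE = r'''[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ai04huq0" (ai04huq0) - "Microsoft Corporation" - C:\Windows\system32\drivers\ai04huq0.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - ? - C:\Windows\System32\DRIVERS\avgntflt.sys  (File not found)
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"pxldipoc" (pxldipoc) - ? - C:\Users\XB\AppData\Local\Temp\pxldipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
'''
GMER_SAMPLE = r'''---- Kernel code sections - GMER 1.0.15 ----
?              System32\Drivers\spkt.sys      Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\atikmdag.sys    section is writeable [0xBB60A000, 0x213FE7, 0xE8000020]
.text          USBPORT.SYS!DllUnload        BBF7441B 5 Bytes  JMP B338D4E0
.text          ai04huq0.SYS                 BC20F000 22 Bytes  [82, 73, DC, E2, 6C, 72, DC, ...]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]    [B78A2048] \SystemRoot\System32\Drivers\spkt.sys
---- Devices - GMER 1.0.15 ----
Device          \FileSystem\Ntfs \Ntfs        B16AE1F8
Device          \Driver\PCI_PNP6872 \Device\0000006d     spkt.sys
Device          \Driver\ai04huq0 \Device\Scsi\ai04huq01     B33C21F8
'''

if __name__ == "__main__":
    osam, gmer = parse_osam_drivers(OSAM_SAMPLE), parse_gmer(GMER_SAMPLE)
    for f in osam + gmer:
        print(f"[{f.source}] {f.item}: {', '.join(f.reasons)}")
    print("hidden keys also seen in GMER:", cross_reference(osam, GMER_SAMPLE))
```

Run against the full logs, the cross-reference is the part worth reading first: a service key that OSAM cannot see through the normal registry API but whose driver name nonetheless appears in GMER's kernel code sections and device stacks is exactly the pattern the helpers in this thread are chasing, while a lone "File not found" on an uninstalled antivirus filter is usually just a stale entry.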


cosinus 24.09.2011 20:11

Is aswMBR coming soon as well?

stanomaly 24.09.2011 20:24

Yep, I just restarted it, since it apparently hung on a file. In any case it made no progress for half an hour.

stanomaly 24.09.2011 22:34

It worked this time. It still got stuck on a file at some point, though. I'll post the log file up to that point; not much more would have come anyway. Maybe that already helps. Otherwise I'll try another full run tomorrow and delete the files the program apparently likes to spend a very long time on.

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-24 21:20:35
-----------------------------
21:20:35.266    OS Version: Windows 6.0.6002 Service Pack 2
21:20:35.267    Number of processors: 2 586 0x1706
21:20:35.270    ComputerName: XB-PC  UserName: XB
21:20:37.409    Initialize success
21:20:45.107    AVAST engine defs: 11092401
21:20:48.186    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:20:48.229    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:20:51.055    Disk 0 MBR read successfully
21:20:51.163    Disk 0 MBR scan
21:20:51.171    Disk 0 Windows VISTA default MBR code
21:20:51.348    Disk 0 scanning sectors +625139712
21:20:52.119    Disk 0 scanning C:\Windows\system32\drivers
21:24:23.102    Service scanning
21:24:24.570    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:24:25.201    Modules scanning
21:28:05.139    Disk 0 trace - called modules:
21:28:05.273    ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll iastor.sys spkt.sys >>UNKNOWN [0xb1666938]<<
21:28:05.281    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xb225f4f8]
21:28:05.292    3 CLASSPNP.SYS[b81c58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xb177b030]
21:28:07.466    AVAST engine scan C:\Windows
21:32:01.850    AVAST engine scan C:\Windows\system32
21:57:03.523    AVAST engine scan C:\Windows\system32\drivers
22:03:12.091    AVAST engine scan C:\Users\XB
23:28:06.664    Disk 0 MBR has been saved successfully to "C:\Users\XB\Desktop\MBR.dat"
23:28:06.684    The log file has been saved successfully to "C:\Users\XB\Desktop\aswMBR.txt"


cosinus 26.09.2011 10:08

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion from the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


stanomaly 26.09.2011 16:10

OK, thanks, I'll get on with the further scans then. First, here is the complete aswMBR log I still owed you. ;)

HTML Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-24 21:20:35
-----------------------------
21:20:35.266    OS Version: Windows 6.0.6002 Service Pack 2
21:20:35.267    Number of processors: 2 586 0x1706
21:20:35.270    ComputerName: XB-PC  UserName: XB
21:20:37.409    Initialize success
21:20:45.107    AVAST engine defs: 11092401
21:20:48.186    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:20:48.229    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:20:51.055    Disk 0 MBR read successfully
21:20:51.163    Disk 0 MBR scan
21:20:51.171    Disk 0 Windows VISTA default MBR code
21:20:51.348    Disk 0 scanning sectors +625139712
21:20:52.119    Disk 0 scanning C:\Windows\system32\drivers
21:24:23.102    Service scanning
21:24:24.570    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:24:25.201    Modules scanning
21:28:05.139    Disk 0 trace - called modules:
21:28:05.273    ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll iastor.sys spkt.sys >>UNKNOWN [0xb1666938]<<
21:28:05.281    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xb225f4f8]
21:28:05.292    3 CLASSPNP.SYS[b81c58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xb177b030]
21:28:07.466    AVAST engine scan C:\Windows
21:32:01.850    AVAST engine scan C:\Windows\system32
21:57:03.523    AVAST engine scan C:\Windows\system32\drivers
22:03:12.091    AVAST engine scan C:\Users\XB
23:28:06.664    Disk 0 MBR has been saved successfully to "C:\Users\XB\Desktop\MBR.dat"
23:28:06.684    The log file has been saved successfully to "C:\Users\XB\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-26 12:19:12
-----------------------------
12:19:12.556    OS Version: Windows 6.0.6002 Service Pack 2
12:19:12.556    Number of processors: 2 586 0x1706
12:19:12.559    ComputerName: XB-PC  UserName: XB
12:20:05.883    Initialize success
12:21:37.513    AVAST engine defs: 11092502
12:24:43.182    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:24:43.187    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:24:45.277    Disk 0 MBR read successfully
12:24:45.282    Disk 0 MBR scan
12:24:45.290    Disk 0 Windows VISTA default MBR code
12:24:45.298    Disk 0 scanning sectors +625139712
12:24:45.437    Disk 0 scanning C:\Windows\system32\drivers
12:25:08.533    Service scanning
12:25:10.138    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:25:10.772    Modules scanning
12:25:21.872    Disk 0 trace - called modules:
12:25:21.919    ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll iastor.sys spec.sys >>UNKNOWN [0xb1666938]<<
12:25:21.927    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xb225eac8]
12:25:22.282    3 CLASSPNP.SYS[b81be8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xb1786030]
12:25:24.350    AVAST engine scan C:\Windows
12:25:30.600    AVAST engine scan C:\Windows\system32
12:29:10.401    AVAST engine scan C:\Windows\system32\drivers
12:29:39.604    AVAST engine scan C:\Users\XB
12:48:36.594    AVAST engine scan C:\ProgramData
12:53:23.790    Scan finished successfully
17:07:28.750    Disk 0 MBR has been saved successfully to "C:\Users\XB\Desktop\MBR.dat"
17:07:28.765    The log file has been saved successfully to "C:\Users\XB\Desktop\aswMBR.txt"


stanomaly 26.09.2011 17:36

Here's Malwarebytes for now, the rest follows later...

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7801

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

26.09.2011 18:32:16
mbam-log-2011-09-26 (18-32-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 340659
Laufzeit: 1 Stunde(n), 17 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


