Trojaner-Board - Internet Explorer öffnet sich in unregelmäßigen Abständern (Promi News)

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Internet Explorer öffnet sich in unregelmäßigen Abständern (Promi News) (https://www.trojaner-board.de/103706-internet-explorer-oeffnet-unregelmaessigen-abstaendern-promi-news.html)

Internet Explorer öffnet sich in unregelmäßigen Abständern (Promi News)

Hallo Trojaner-Board-Gemeinde,
auf dem Computer meines Vaters tut sich der Internet Explorer 9 in unregelmäßigen Abständen von selbst auf, meistens beim Verwenden des Instant Messengers ICQ. Allerdings nur ein blankes Fenster und die Meldung, dass der IE9 nicht als Standardbrowser festgelegt sei.
Als er mir nun einen Screenshot davon via Snipping Tool erstellen sollte, taten sich laut seiner Beschreibung die Promi-News auf.
Ein Screenshot davon könnt ihr in den Anhängen finden (prominews.jpg)
Ich habe schon ein wenig recherchiert und denke, dass es sich um ein ähnliches Problem wie hier handelt (http://www.trojaner-board.de/103620-...romi-news.html)

Die beiden OTL-Logfiles habe ich auch als Anhang hochgeladen (Logfiles.zip)

Ich hoffe Ihr könnt mir und meinem Vater weiterhelfen.

Mit freundlichen Grüßen,
rockingwing

EDIT: Inhalt OTL.txt

Code:

OTL logfile created on: 9/27/2011 3:00:37 PM - Run 1

OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\xxx\Desktop\trojanerweg

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.87 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.77% Memory free

7.73 Gb Paging File | 6.22 Gb Available in Paging File | 80.50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 918.18 Gb Total Space | 829.01 Gb Free Space | 90.29% Space Free | Partition Type: NTFS

Drive D: | 13.24 Gb Total Space | 1.63 Gb Free Space | 12.29% Space Free | Partition Type: NTFS

 

Computer Name: xxx-HP | User Name: xxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011/09/27 14:52:09 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\trojanerweg\OTL.exe

PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/06/18 01:59:40 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

PRC - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2009/10/01 06:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2009/10/01 06:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/08/11 21:48:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll

MOD - [2011/08/11 21:48:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll

MOD - [2011/08/11 21:48:40 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\69d837670ac67c4776ea5a115d64a550\IAStorUtil.ni.dll

MOD - [2011/08/11 21:48:39 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll

MOD - [2011/08/11 21:48:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll

MOD - [2011/08/11 21:48:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll

MOD - [2011/08/11 21:48:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll

MOD - [2011/08/11 21:48:26 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll

MOD - [2011/08/11 21:48:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll

MOD - [2010/11/13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/10/07 18:25:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010/06/18 02:10:06 | 001,700,920 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\PictureMover\DE-DE\Presentation.dll

MOD - [2010/06/18 02:00:10 | 012,286,520 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\PictureMover\Bin\Core.dll

MOD - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010/05/17 15:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)

SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/04/04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2009/10/01 06:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2009/10/01 06:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/18 00:32:31 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2010/12/15 17:55:01 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)

DRV:64bit: - [2010/12/15 17:54:53 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)

DRV:64bit: - [2010/12/15 17:54:53 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)

DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2010/05/17 15:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/17 14:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2010/04/08 01:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)

DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 18:34:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 18:34:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 18:34:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/06 23:52:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/22 01:08:12 | 000,000,000 | ---D | M]

 

[2010/12/17 19:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions

[2011/09/07 22:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i4hv43nm.default\extensions

[2011/09/01 17:13:06 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i4hv43nm.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}

[2011/09/07 22:57:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\i4hv43nm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2011/06/09 02:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2010/12/18 00:47:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/25 22:38:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/06/09 02:04:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2010/12/18 00:33:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak

[2010/12/18 00:33:00 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak

() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4HV43NM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011/09/06 23:52:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [icPlus] C:\Program Files\icPlus\icPlus.exe (Thinklabs)

O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)

O4 - HKCU..\Run: [WEB.DE Club E-Mail Alarm] C:\Program Files (x86)\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)

O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Startup).lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB28AAB-B6E6-4975-B404-778482E0E85A}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B264BF17-39D2-400A-A5A7-8E23C28E5EDF}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)

O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) -C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011/09/27 14:49:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\trojanerweg

[2011/09/15 20:02:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/08/30 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\My Kindle Content

[2011/08/30 23:34:59 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

[2011/08/30 23:34:59 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Amazon

[2011/08/30 23:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2011/02/25 20:59:39 | 000,018,944 | --S- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL

[14 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011/09/27 14:50:42 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable

[2011/09/27 14:24:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/09/27 14:24:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/09/27 14:16:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/09/27 14:16:30 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/27 12:38:03 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/09/27 12:38:03 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011/09/27 12:38:03 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/09/27 12:38:03 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011/09/27 12:38:03 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/09/25 09:47:16 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForxxx.job

[2011/09/20 12:23:53 | 000,032,768 | ---- | M] () -- C:\Users\xxx\Documents\Trainerentlassungen I.Liga.wdb

[2011/09/20 12:23:39 | 000,120,320 | ---- | M] () -- C:\Users\xxx\Documents\Ausl.Nationalspieler.wdb

[2011/09/20 12:23:28 | 000,397,312 | ---- | M] () -- C:\Users\xxx\Documents\Alle Bundesligaspieler.wdb

[2011/09/16 17:06:35 | 000,001,115 | ---- | M] () -- C:\Users\xxx\Documents\familiamitglieder.rtf

[2011/09/15 22:08:29 | 000,000,390 | ---- | M] () -- C:\Users\xxx\Documents\sarevok klavier.rtf

[2011/09/15 20:02:05 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/09/13 01:10:02 | 000,001,144 | ---- | M] () -- C:\Users\xxx\Documents\etv.rtf

[2011/09/12 19:16:48 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Directory Opus.lnk

[2011/09/12 16:22:44 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat

[2011/09/12 16:22:44 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat

[2011/09/12 13:02:31 | 000,002,236 | ---- | M] () -- C:\Users\xxx\Documents\ulrichtext.rtf

[2011/09/07 12:13:27 | 000,000,035 | ---- | M] () -- C:\Windows\Ulead32.INI

[2011/09/07 02:04:06 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2011/09/06 19:20:47 | 000,001,084 | ---- | M] () -- C:\Users\xxx\Documents\Familia.rtf

[2011/09/06 02:07:51 | 000,000,874 | ---- | M] () -- C:\Users\xxx\Documents\TopVereine.rtf

[2011/09/05 23:38:29 | 000,003,374 | ---- | M] () -- C:\Users\xxx\Documents\austropop.rtf

[2011/09/03 00:10:53 | 000,002,994 | ---- | M] () -- C:\Users\xxx\Documents\österreicher.rtf

[2011/08/31 12:50:29 | 000,000,670 | ---- | M] () -- C:\Users\xxx\Documents\outsiders nl.rtf

[2011/08/30 23:35:00 | 000,001,996 | ---- | M] () -- C:\Users\xxx\Desktop\Kindle.lnk

[14 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011/09/27 14:50:42 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable

[2011/09/16 17:06:35 | 000,001,115 | ---- | C] () -- C:\Users\xxx\Documents\familiamitglieder.rtf

[2011/09/15 22:08:29 | 000,000,390 | ---- | C] () -- C:\Users\xxx\Documents\sarevok klavier.rtf

[2011/09/12 14:21:52 | 000,001,144 | ---- | C] () -- C:\Users\xxx\Documents\etv.rtf

[2011/09/12 10:32:04 | 000,002,236 | ---- | C] () -- C:\Users\xxx\Documents\ulrichtext.rtf

[2011/09/07 02:04:06 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2011/09/06 19:20:47 | 000,001,084 | ---- | C] () -- C:\Users\xxx\Documents\Familia.rtf

[2011/09/06 02:07:51 | 000,000,874 | ---- | C] () -- C:\Users\xxx\Documents\TopVereine.rtf

[2011/09/05 23:38:29 | 000,003,374 | ---- | C] () -- C:\Users\xxx\Documents\austropop.rtf

[2011/09/03 00:10:53 | 000,002,994 | ---- | C] () -- C:\Users\xxx\Documents\österreicher.rtf

[2011/08/31 12:50:29 | 000,000,670 | ---- | C] () -- C:\Users\xxx\Documents\outsiders nl.rtf

[2011/08/30 23:35:00 | 000,001,996 | ---- | C] () -- C:\Users\xxx\Desktop\Kindle.lnk

[2011/07/09 11:58:08 | 000,093,656 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/02/28 18:10:59 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI

[2011/02/25 20:59:41 | 000,004,096 | --S- | C] () -- C:\Windows\SysWow64\X2F6SVDE.DLL

[2011/02/25 20:59:40 | 000,033,792 | --S- | C] () -- C:\Windows\SysWow64\P3S6IFDE.DLL

[2011/02/25 20:59:40 | 000,029,184 | --S- | C] () -- C:\Windows\SysWow64\P3O6ESDE.DLL

[2011/02/25 20:59:39 | 000,544,256 | --S- | C] () -- C:\Windows\SysWow64\janGraphics.dll

[2011/02/25 20:59:39 | 000,217,088 | --S- | C] () -- C:\Windows\SysWow64\libmySQL.dll

[2011/02/13 02:20:51 | 000,000,224 | ---- | C] () -- C:\ProgramData\MusicStation.xml

[2010/12/31 02:47:31 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010/12/18 12:18:06 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys

[2010/12/18 12:18:06 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys

[2010/12/18 12:14:23 | 000,000,041 | ---- | C] () -- C:\Windows\mscandc.ini

[2010/12/18 00:24:17 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/12/17 19:23:10 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010/10/07 18:40:47 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/10/07 18:07:20 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2010/10/07 17:44:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2003/10/06 10:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat

 
 ========== LOP Check ==========

 

[2011/05/17 16:29:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AllDup

[2011/01/22 17:08:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Das Fussball Studio

[2010/12/18 00:45:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GHISLER

[2010/12/18 00:40:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GPSoftware

[2011/02/11 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\icPlus

[2011/09/27 14:44:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ

[2011/02/13 02:20:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\newfolder3

[2010/12/17 19:34:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PictureMover

[2011/09/26 01:45:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SoftGrid Client

[2010/12/18 00:24:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TP

[2010/12/18 00:49:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WEB.DE

[2010/12/18 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WinBatch

[2011/09/07 09:54:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011/01/09 00:00:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2011/09/15 20:17:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010/12/18 20:24:30 | 000,000,000 | RHSD | M] -- C:\hp

[2010/10/07 17:50:23 | 000,000,000 | ---D | M] -- C:\Intel

[2010/12/18 12:18:05 | 000,000,000 | ---D | M] -- C:\Kpcms

[2010/12/18 12:16:41 | 000,000,000 | ---D | M] -- C:\Medion

[2010/12/18 22:26:16 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011/04/16 14:46:34 | 000,000,000 | R--D | M] -- C:\Program Files

[2011/08/30 23:34:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2011/07/09 12:30:24 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2009/07/24 20:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery

[2010/12/18 20:02:39 | 000,000,000 | ---D | M] -- C:\swsetup

[2011/09/27 15:02:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010/12/17 19:32:56 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV

[2011/02/25 20:56:21 | 000,000,000 | ---D | M] -- C:\Toooor

[2010/12/18 00:47:54 | 000,000,000 | ---D | M] -- C:\totalcmd

[2010/12/17 19:26:12 | 000,000,000 | R--D | M] -- C:\Users

[2011/08/28 08:36:23 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

 

 
 < MD5 for: EXPLORER.EXE  >

[2010/10/07 18:32:02 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe

[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2010/10/07 18:33:50 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2010/10/07 18:32:02 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe

[2010/10/07 18:30:29 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/10/07 18:33:50 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2010/10/07 18:30:29 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 06:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2010/10/07 18:33:50 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2010/10/07 18:30:29 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2010/10/07 18:33:50 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2010/10/07 18:32:02 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe

[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2010/10/07 18:30:29 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

[2010/10/07 18:32:02 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009/07/14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009/07/14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/11/20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2010/10/07 18:33:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010/10/07 18:33:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 320 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
 

< End of report >

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Führe danach auch bitte ESET aus, danach sehen wir weiter.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

MBAM hat wohl nichts gefunden, ESET läuft noch, die Logs liefere ich dann nach..

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7808

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

27.09.2011 17:14:04
mbam-log-2011-09-27 (17-14-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 485239
Laufzeit: 40 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hallo cosinus, hier der fertige ESET-Log. Siehe Anhang

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

@Alternate Data Stream - 320 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates

:Files

C:\ProgramData\sdpsenv.dat

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hallo cosinus,
anbei der Log-File von OTL, der nach dem Reboot erstellt wurde...

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

ADS C:\ProgramData\sdpsenv.dat:naughtypirates deleted successfully.

========== FILES ==========

C:\ProgramData\sdpsenv.dat moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Gerhard

->Temp folder emptied: 93219545 bytes

->Temporary Internet Files folder emptied: 52103347 bytes

->Java cache emptied: 30851 bytes

->FireFox cache emptied: 750837079 bytes

->Flash cache emptied: 8334 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12771762 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 867.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.29.1 log created on 09272011_224947
 

Files\Folders moved on Reboot...

C:\Users\Gerhard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Das ist der Log von dem Tool

Code:

15:46:12.0219 3820        TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

15:46:12.0469 3820        ============================================================

15:46:12.0469 3820        Current date / time: 2011/09/28 15:46:12.0469

15:46:12.0469 3820        SystemInfo:

15:46:12.0469 3820        

15:46:12.0469 3820        OS Version: 6.1.7601 ServicePack: 1.0

15:46:12.0469 3820        Product type: Workstation

15:46:12.0469 3820        ComputerName: GERHARD-HP

15:46:12.0469 3820        UserName: Gerhard

15:46:12.0469 3820        Windows directory: C:\Windows

15:46:12.0469 3820        System windows directory: C:\Windows

15:46:12.0469 3820        Running under WOW64

15:46:12.0469 3820        Processor architecture: Intel x64

15:46:12.0469 3820        Number of processors: 4

15:46:12.0469 3820        Page size: 0x1000

15:46:12.0469 3820        Boot type: Normal boot

15:46:12.0469 3820        ============================================================

15:46:12.0827 3820        Initialize success

15:47:12.0910 6184        ============================================================

15:47:12.0910 6184        Scan started

15:47:12.0910 6184        Mode: Manual; 

15:47:12.0910 6184        ============================================================

15:47:13.0581 6184        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:47:13.0581 6184        1394ohci - ok

15:47:13.0612 6184        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:47:13.0628 6184        ACPI - ok

15:47:13.0643 6184        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:47:13.0643 6184        AcpiPmi - ok

15:47:13.0690 6184        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:47:13.0690 6184        adp94xx - ok

15:47:13.0706 6184        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:47:13.0706 6184        adpahci - ok

15:47:13.0737 6184        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:47:13.0737 6184        adpu320 - ok

15:47:13.0784 6184        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

15:47:13.0799 6184        AFD - ok

15:47:13.0799 6184        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:47:13.0815 6184        agp440 - ok

15:47:13.0846 6184        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:47:13.0846 6184        aliide - ok

15:47:13.0893 6184        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:47:13.0893 6184        amdide - ok

15:47:13.0908 6184        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:47:13.0924 6184        AmdK8 - ok

15:47:14.0033 6184        amdkmdag        (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys

15:47:14.0127 6184        amdkmdag - ok

15:47:14.0142 6184        amdkmdap        (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys

15:47:14.0158 6184        amdkmdap - ok

15:47:14.0174 6184        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:47:14.0174 6184        AmdPPM - ok

15:47:14.0220 6184        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

15:47:14.0236 6184        amdsata - ok

15:47:14.0236 6184        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:47:14.0252 6184        amdsbs - ok

15:47:14.0252 6184        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

15:47:14.0267 6184        amdxata - ok

15:47:14.0283 6184        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:47:14.0298 6184        AppID - ok

15:47:14.0314 6184        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:47:14.0314 6184        arc - ok

15:47:14.0330 6184        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:47:14.0345 6184        arcsas - ok

15:47:14.0361 6184        ASPI32 - ok

15:47:14.0376 6184        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:47:14.0376 6184        AsyncMac - ok

15:47:14.0439 6184        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:47:14.0439 6184        atapi - ok

15:47:14.0454 6184        AtiHdmiService  (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys

15:47:14.0470 6184        AtiHdmiService - ok

15:47:14.0501 6184        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:47:14.0517 6184        b06bdrv - ok

15:47:14.0548 6184        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:47:14.0548 6184        b57nd60a - ok

15:47:14.0595 6184        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:47:14.0595 6184        Beep - ok

15:47:14.0626 6184        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:47:14.0626 6184        blbdrive - ok

15:47:14.0673 6184        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:47:14.0673 6184        bowser - ok

15:47:14.0688 6184        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:47:14.0704 6184        BrFiltLo - ok

15:47:14.0720 6184        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:47:14.0720 6184        BrFiltUp - ok

15:47:14.0735 6184        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:47:14.0735 6184        Brserid - ok

15:47:14.0751 6184        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:47:14.0766 6184        BrSerWdm - ok

15:47:14.0782 6184        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:47:14.0782 6184        BrUsbMdm - ok

15:47:14.0782 6184        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:47:14.0798 6184        BrUsbSer - ok

15:47:14.0829 6184        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:47:14.0829 6184        BTHMODEM - ok

15:47:14.0860 6184        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:47:14.0876 6184        cdfs - ok

15:47:14.0907 6184        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

15:47:14.0907 6184        cdrom - ok

15:47:14.0922 6184        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:47:14.0922 6184        circlass - ok

15:47:14.0954 6184        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:47:14.0969 6184        CLFS - ok

15:47:15.0000 6184        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:47:15.0000 6184        CmBatt - ok

15:47:15.0016 6184        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:47:15.0063 6184        cmdide - ok

15:47:15.0110 6184        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

15:47:15.0110 6184        CNG - ok

15:47:15.0125 6184        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:47:15.0125 6184        Compbatt - ok

15:47:15.0156 6184        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:47:15.0156 6184        CompositeBus - ok

15:47:15.0172 6184        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:47:15.0172 6184        crcdisk - ok

15:47:15.0203 6184        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:47:15.0219 6184        DfsC - ok

15:47:15.0234 6184        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:47:15.0234 6184        discache - ok

15:47:15.0266 6184        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:47:15.0266 6184        Disk - ok

15:47:15.0312 6184        dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

15:47:15.0312 6184        dot4 - ok

15:47:15.0344 6184        Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

15:47:15.0344 6184        Dot4Print - ok

15:47:15.0359 6184        dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

15:47:15.0359 6184        dot4usb - ok

15:47:15.0390 6184        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:47:15.0390 6184        drmkaud - ok

15:47:15.0437 6184        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:47:15.0437 6184        DXGKrnl - ok

15:47:15.0515 6184        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:47:15.0546 6184        ebdrv - ok

15:47:15.0578 6184        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:47:15.0578 6184        elxstor - ok

15:47:15.0624 6184        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:47:15.0640 6184        ErrDev - ok

15:47:15.0656 6184        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:47:15.0656 6184        exfat - ok

15:47:15.0687 6184        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:47:15.0687 6184        fastfat - ok

15:47:15.0718 6184        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:47:15.0718 6184        fdc - ok

15:47:15.0734 6184        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:47:15.0749 6184        FileInfo - ok

15:47:15.0765 6184        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:47:15.0765 6184        Filetrace - ok

15:47:15.0780 6184        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:47:15.0796 6184        flpydisk - ok

15:47:15.0843 6184        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:47:15.0843 6184        FltMgr - ok

15:47:15.0874 6184        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:47:15.0874 6184        FsDepends - ok

15:47:15.0890 6184        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

15:47:15.0890 6184        Fs_Rec - ok

15:47:15.0921 6184        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:47:15.0921 6184        fvevol - ok

15:47:15.0952 6184        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:47:15.0952 6184        gagp30kx - ok

15:47:15.0983 6184        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:47:15.0983 6184        hcw85cir - ok

15:47:16.0030 6184        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

15:47:16.0046 6184        HdAudAddService - ok

15:47:16.0077 6184        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:47:16.0077 6184        HDAudBus - ok

15:47:16.0108 6184        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

15:47:16.0108 6184        HECIx64 - ok

15:47:16.0124 6184        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:47:16.0124 6184        HidBatt - ok

15:47:16.0139 6184        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:47:16.0155 6184        HidBth - ok

15:47:16.0170 6184        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:47:16.0170 6184        HidIr - ok

15:47:16.0217 6184        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

15:47:16.0217 6184        HidUsb - ok

15:47:16.0264 6184        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

15:47:16.0264 6184        HpSAMD - ok

15:47:16.0295 6184        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

15:47:16.0311 6184        HTTP - ok

15:47:16.0326 6184        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

15:47:16.0326 6184        hwpolicy - ok

15:47:16.0358 6184        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

15:47:16.0373 6184        i8042prt - ok

15:47:16.0404 6184        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

15:47:16.0404 6184        iaStor - ok

15:47:16.0451 6184        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

15:47:16.0451 6184        iaStorV - ok

15:47:16.0467 6184        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:47:16.0467 6184        iirsp - ok

15:47:16.0529 6184        IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys

15:47:16.0560 6184        IntcAzAudAddService - ok

15:47:16.0607 6184        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:47:16.0607 6184        intelide - ok

15:47:16.0623 6184        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:47:16.0638 6184        intelppm - ok

15:47:16.0670 6184        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:47:16.0670 6184        IpFilterDriver - ok

15:47:16.0701 6184        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

15:47:16.0716 6184        IPMIDRV - ok

15:47:16.0732 6184        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:47:16.0748 6184        IPNAT - ok

15:47:16.0763 6184        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:47:16.0763 6184        IRENUM - ok

15:47:16.0779 6184        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:47:16.0794 6184        isapnp - ok

15:47:16.0810 6184        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

15:47:16.0810 6184        iScsiPrt - ok

15:47:16.0841 6184        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

15:47:16.0841 6184        kbdclass - ok

15:47:16.0857 6184        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

15:47:16.0872 6184        kbdhid - ok

15:47:16.0904 6184        KL1             (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys

15:47:16.0904 6184        KL1 - ok

15:47:16.0935 6184        kl2             (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys

15:47:16.0935 6184        kl2 - ok

15:47:16.0982 6184        KLIF            (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys

15:47:16.0982 6184        KLIF - ok

15:47:16.0997 6184        KLIM6           (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys

15:47:17.0013 6184        KLIM6 - ok

15:47:17.0013 6184        klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys

15:47:17.0028 6184        klmouflt - ok

15:47:17.0044 6184        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

15:47:17.0060 6184        KSecDD - ok

15:47:17.0075 6184        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

15:47:17.0075 6184        KSecPkg - ok

15:47:17.0091 6184        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:47:17.0091 6184        ksthunk - ok

15:47:17.0122 6184        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:47:17.0122 6184        lltdio - ok

15:47:17.0169 6184        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:47:17.0184 6184        LSI_FC - ok

15:47:17.0200 6184        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:47:17.0200 6184        LSI_SAS - ok

15:47:17.0216 6184        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:47:17.0231 6184        LSI_SAS2 - ok

15:47:17.0247 6184        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:47:17.0247 6184        LSI_SCSI - ok

15:47:17.0262 6184        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:47:17.0262 6184        luafv - ok

15:47:17.0325 6184        MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

15:47:17.0340 6184        MBAMProtector - ok

15:47:17.0372 6184        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:47:17.0372 6184        megasas - ok

15:47:17.0387 6184        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:47:17.0403 6184        MegaSR - ok

15:47:17.0418 6184        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:47:17.0418 6184        Modem - ok

15:47:17.0434 6184        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:47:17.0434 6184        monitor - ok

15:47:17.0465 6184        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

15:47:17.0481 6184        mouclass - ok

15:47:17.0496 6184        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:47:17.0496 6184        mouhid - ok

15:47:17.0543 6184        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

15:47:17.0543 6184        mountmgr - ok

15:47:17.0574 6184        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

15:47:17.0590 6184        mpio - ok

15:47:17.0606 6184        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:47:17.0606 6184        mpsdrv - ok

15:47:17.0637 6184        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

15:47:17.0637 6184        MRxDAV - ok

15:47:17.0684 6184        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:47:17.0684 6184        mrxsmb - ok

15:47:17.0715 6184        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:47:17.0715 6184        mrxsmb10 - ok

15:47:17.0730 6184        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:47:17.0730 6184        mrxsmb20 - ok

15:47:17.0777 6184        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

15:47:17.0777 6184        msahci - ok

15:47:17.0793 6184        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

15:47:17.0793 6184        msdsm - ok

15:47:17.0824 6184        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:47:17.0824 6184        Msfs - ok

15:47:17.0855 6184        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:47:17.0855 6184        mshidkmdf - ok

15:47:17.0886 6184        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:47:17.0886 6184        msisadrv - ok

15:47:17.0918 6184        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:47:17.0933 6184        MSKSSRV - ok

15:47:17.0933 6184        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:47:17.0949 6184        MSPCLOCK - ok

15:47:17.0964 6184        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:47:17.0964 6184        MSPQM - ok

15:47:18.0011 6184        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:47:18.0011 6184        MsRPC - ok

15:47:18.0042 6184        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:47:18.0042 6184        mssmbios - ok

15:47:18.0074 6184        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:47:18.0074 6184        MSTEE - ok

15:47:18.0089 6184        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:47:18.0089 6184        MTConfig - ok

15:47:18.0105 6184        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:47:18.0120 6184        Mup - ok

15:47:18.0152 6184        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:47:18.0152 6184        NativeWifiP - ok

15:47:18.0183 6184        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

15:47:18.0198 6184        NDIS - ok

15:47:18.0214 6184        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:47:18.0230 6184        NdisCap - ok

15:47:18.0245 6184        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:47:18.0245 6184        NdisTapi - ok

15:47:18.0276 6184        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:47:18.0276 6184        Ndisuio - ok

15:47:18.0292 6184        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:47:18.0292 6184        NdisWan - ok

15:47:18.0323 6184        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:47:18.0323 6184        NDProxy - ok

15:47:18.0339 6184        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:47:18.0339 6184        NetBIOS - ok

15:47:18.0386 6184        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:47:18.0386 6184        NetBT - ok

15:47:18.0432 6184        netr7364        (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys

15:47:18.0432 6184        netr7364 - ok

15:47:18.0448 6184        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:47:18.0464 6184        nfrd960 - ok

15:47:18.0479 6184        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:47:18.0479 6184        Npfs - ok

15:47:18.0495 6184        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:47:18.0495 6184        nsiproxy - ok

15:47:18.0557 6184        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:47:18.0573 6184        Ntfs - ok

15:47:18.0604 6184        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:47:18.0604 6184        Null - ok

15:47:18.0620 6184        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:47:18.0635 6184        nvraid - ok

15:47:18.0651 6184        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:47:18.0651 6184        nvstor - ok

15:47:18.0682 6184        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:47:18.0698 6184        nv_agp - ok

15:47:18.0713 6184        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:47:18.0729 6184        ohci1394 - ok

15:47:18.0760 6184        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:47:18.0776 6184        Parport - ok

15:47:18.0791 6184        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

15:47:18.0791 6184        partmgr - ok

15:47:18.0822 6184        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:47:18.0822 6184        pci - ok

15:47:18.0854 6184        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:47:18.0854 6184        pciide - ok

15:47:18.0869 6184        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:47:18.0885 6184        pcmcia - ok

15:47:18.0900 6184        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:47:18.0900 6184        pcw - ok

15:47:18.0932 6184        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:47:18.0932 6184        PEAUTH - ok

15:47:18.0994 6184        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:47:18.0994 6184        PptpMiniport - ok

15:47:19.0010 6184        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:47:19.0025 6184        Processor - ok

15:47:19.0041 6184        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:47:19.0041 6184        Psched - ok

15:47:19.0072 6184        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:47:19.0103 6184        ql2300 - ok

15:47:19.0119 6184        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:47:19.0134 6184        ql40xx - ok

15:47:19.0150 6184        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:47:19.0150 6184        QWAVEdrv - ok

15:47:19.0166 6184        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:47:19.0166 6184        RasAcd - ok

15:47:19.0197 6184        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:47:19.0197 6184        RasAgileVpn - ok

15:47:19.0228 6184        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:47:19.0244 6184        Rasl2tp - ok

15:47:19.0259 6184        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:47:19.0275 6184        RasPppoe - ok

15:47:19.0290 6184        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:47:19.0290 6184        RasSstp - ok

15:47:19.0322 6184        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:47:19.0322 6184        rdbss - ok

15:47:19.0337 6184        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:47:19.0337 6184        rdpbus - ok

15:47:19.0368 6184        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:47:19.0368 6184        RDPCDD - ok

15:47:19.0400 6184        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:47:19.0400 6184        RDPENCDD - ok

15:47:19.0415 6184        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:47:19.0431 6184        RDPREFMP - ok

15:47:19.0462 6184        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

15:47:19.0462 6184        RDPWD - ok

15:47:19.0493 6184        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:47:19.0493 6184        rdyboost - ok

15:47:19.0556 6184        RRNetCap        (2abd2b3ba2ef0c3ba82284c2a5e28675) C:\Windows\system32\DRIVERS\rrnetcap.sys

15:47:19.0556 6184        RRNetCap - ok

15:47:19.0556 6184        RRNetCapMP      (2abd2b3ba2ef0c3ba82284c2a5e28675) C:\Windows\system32\DRIVERS\rrnetcap.sys

15:47:19.0556 6184        RRNetCapMP - ok

15:47:19.0571 6184        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:47:19.0587 6184        rspndr - ok

15:47:19.0634 6184        RTL8167         (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

15:47:19.0634 6184        RTL8167 - ok

15:47:19.0665 6184        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:47:19.0680 6184        sbp2port - ok

15:47:19.0712 6184        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:47:19.0712 6184        scfilter - ok

15:47:19.0743 6184        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:47:19.0743 6184        secdrv - ok

15:47:19.0774 6184        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:47:19.0774 6184        Serenum - ok

15:47:19.0790 6184        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:47:19.0790 6184        Serial - ok

15:47:19.0821 6184        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:47:19.0821 6184        sermouse - ok

15:47:19.0852 6184        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:47:19.0852 6184        sffdisk - ok

15:47:19.0883 6184        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:47:19.0883 6184        sffp_mmc - ok

15:47:19.0899 6184        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:47:19.0899 6184        sffp_sd - ok

15:47:19.0914 6184        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:47:19.0930 6184        sfloppy - ok

15:47:19.0961 6184        Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys

15:47:19.0977 6184        Sftfs - ok

15:47:20.0008 6184        Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys

15:47:20.0008 6184        Sftplay - ok

15:47:20.0024 6184        Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys

15:47:20.0024 6184        Sftredir - ok

15:47:20.0039 6184        Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys

15:47:20.0055 6184        Sftvol - ok

15:47:20.0086 6184        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:47:20.0086 6184        SiSRaid2 - ok

15:47:20.0102 6184        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:47:20.0117 6184        SiSRaid4 - ok

15:47:20.0133 6184        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:47:20.0133 6184        Smb - ok

15:47:20.0164 6184        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:47:20.0164 6184        spldr - ok

15:47:20.0211 6184        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:47:20.0211 6184        srv - ok

15:47:20.0242 6184        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:47:20.0258 6184        srv2 - ok

15:47:20.0273 6184        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:47:20.0273 6184        srvnet - ok

15:47:20.0289 6184        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:47:20.0304 6184        stexstor - ok

15:47:20.0336 6184        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:47:20.0336 6184        swenum - ok

15:47:20.0382 6184        tbhsd           (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys

15:47:20.0382 6184        tbhsd - ok

15:47:20.0429 6184        Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

15:47:20.0460 6184        Tcpip - ok

15:47:20.0523 6184        TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

15:47:20.0523 6184        TCPIP6 - ok

15:47:20.0570 6184        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:47:20.0585 6184        tcpipreg - ok

15:47:20.0616 6184        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:47:20.0616 6184        TDPIPE - ok

15:47:20.0632 6184        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

15:47:20.0632 6184        TDTCP - ok

15:47:20.0663 6184        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:47:20.0663 6184        tdx - ok

15:47:20.0710 6184        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:47:20.0710 6184        TermDD - ok

15:47:20.0772 6184        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:47:20.0772 6184        tssecsrv - ok

15:47:20.0804 6184        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:47:20.0804 6184        TsUsbFlt - ok

15:47:20.0835 6184        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:47:20.0835 6184        tunnel - ok

15:47:20.0850 6184        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:47:20.0850 6184        uagp35 - ok

15:47:20.0882 6184        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:47:20.0882 6184        udfs - ok

15:47:20.0928 6184        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:47:20.0928 6184        uliagpkx - ok

15:47:20.0960 6184        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:47:20.0960 6184        umbus - ok

15:47:20.0975 6184        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:47:20.0975 6184        UmPass - ok

15:47:21.0022 6184        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:47:21.0022 6184        usbccgp - ok

15:47:21.0053 6184        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:47:21.0053 6184        usbcir - ok

15:47:21.0084 6184        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

15:47:21.0084 6184        usbehci - ok

15:47:21.0100 6184        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:47:21.0116 6184        usbhub - ok

15:47:21.0131 6184        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:47:21.0131 6184        usbohci - ok

15:47:21.0147 6184        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:47:21.0162 6184        usbprint - ok

15:47:21.0194 6184        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

15:47:21.0194 6184        usbscan - ok

15:47:21.0225 6184        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:47:21.0240 6184        USBSTOR - ok

15:47:21.0256 6184        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

15:47:21.0256 6184        usbuhci - ok

15:47:21.0303 6184        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:47:21.0318 6184        vdrvroot - ok

15:47:21.0350 6184        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:47:21.0350 6184        vga - ok

15:47:21.0365 6184        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:47:21.0365 6184        VgaSave - ok

15:47:21.0396 6184        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:47:21.0396 6184        vhdmp - ok

15:47:21.0428 6184        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:47:21.0443 6184        viaide - ok

15:47:21.0474 6184        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:47:21.0474 6184        volmgr - ok

15:47:21.0521 6184        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:47:21.0521 6184        volmgrx - ok

15:47:21.0537 6184        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:47:21.0537 6184        volsnap - ok

15:47:21.0568 6184        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:47:21.0584 6184        vsmraid - ok

15:47:21.0599 6184        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:47:21.0599 6184        vwifibus - ok

15:47:21.0615 6184        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:47:21.0630 6184        vwififlt - ok

15:47:21.0646 6184        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:47:21.0646 6184        WacomPen - ok

15:47:21.0677 6184        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:47:21.0677 6184        WANARP - ok

15:47:21.0677 6184        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:47:21.0677 6184        Wanarpv6 - ok

15:47:21.0708 6184        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:47:21.0708 6184        Wd - ok

15:47:21.0740 6184        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:47:21.0740 6184        Wdf01000 - ok

15:47:21.0786 6184        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:47:21.0786 6184        WfpLwf - ok

15:47:21.0802 6184        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:47:21.0802 6184        WIMMount - ok

15:47:21.0864 6184        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:47:21.0864 6184        WmiAcpi - ok

15:47:21.0896 6184        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:47:21.0896 6184        ws2ifsl - ok

15:47:21.0927 6184        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:47:21.0927 6184        WudfPf - ok

15:47:21.0958 6184        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:47:21.0958 6184        WUDFRd - ok

15:47:21.0989 6184        MBR (0x1B8)     (f482901658776ca59f91c98a1d747c85) \Device\Harddisk0\DR0

15:47:22.0067 6184        \Device\Harddisk0\DR0 - ok

15:47:22.0083 6184        Boot (0x1200)   (292ef981ba2320942f43a8536aab8825) \Device\Harddisk0\DR0\Partition0

15:47:22.0083 6184        \Device\Harddisk0\DR0\Partition0 - ok

15:47:22.0098 6184        Boot (0x1200)   (471c373d019d2ca683bf6e9513f54c5c) \Device\Harddisk0\DR0\Partition1

15:47:22.0098 6184        \Device\Harddisk0\DR0\Partition1 - ok

15:47:22.0130 6184        Boot (0x1200)   (ec4f8d0e056f86336fa52c2e2491296e) \Device\Harddisk0\DR0\Partition2

15:47:22.0130 6184        \Device\Harddisk0\DR0\Partition2 - ok

15:47:22.0130 6184        ============================================================

15:47:22.0130 6184        Scan finished

15:47:22.0130 6184        ============================================================

15:47:22.0130 5776        Detected object count: 0

15:47:22.0130 5776        Actual detected object count: 0

Scheint wohl alles sauber zu sein.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Code:

ComboFix 11-09-28.01 - Gerhard 28.09.2011  18:02:50.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2501 [GMT 2:00]

ausgeführt von:: c:\users\Gerhard\Desktop\trojanerweg\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\cd2c60de.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-08-28 bis 2011-09-28  ))))))))))))))))))))))))))))))

.

.

2011-09-28 16:07 . 2011-09-28 16:07        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-09-27 20:49 . 2011-09-27 20:49        --------        d-----w-        C:\_OTL

2011-09-27 15:15 . 2011-09-27 15:15        --------        d-----w-        c:\program files (x86)\ESET

2011-09-27 14:27 . 2011-09-27 14:27        --------        d-----w-        c:\users\Gerhard\AppData\Roaming\Malwarebytes

2011-09-27 14:27 . 2011-09-27 14:27        --------        d-----w-        c:\programdata\Malwarebytes

2011-09-27 14:27 . 2011-09-27 14:27        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-27 14:27 . 2011-08-31 15:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-09-27 12:55 . 2011-09-13 00:26        9049936        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{37F8CB28-DB70-48A1-B8C4-1A9D13E3BD86}\mpengine.dll

2011-08-30 21:34 . 2011-08-30 21:34        --------        d-----w-        c:\users\Gerhard\AppData\Local\Amazon

2011-08-30 21:34 . 2011-08-30 21:34        --------        d-----w-        c:\program files (x86)\Amazon

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-01 15:10 . 2011-05-31 22:07        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-22 05:22 . 2011-08-11 08:13        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2011-07-22 04:54 . 2011-08-11 08:13        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-11 08:13        362496        ----a-w-        c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-11 08:13        243200        ----a-w-        c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-11 08:13        13312        ----a-w-        c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-11 08:13        16384        ----a-w-        c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-11 08:13        421888        ----a-w-        c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-11 08:13        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-11 08:13        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-11 08:13        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-11 08:13        25600        ----a-w-        c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-11 08:13        5120        ----a-w-        c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-11 08:13        272384        ----a-w-        c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 08:13        7680        ----a-w-        c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-11 08:13        2048        ----a-w-        c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-11 08:13        6144        ---ha-w-        c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 08:13        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 08:13        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 08:13        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 05:26 . 2011-08-24 07:52        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-07-09 04:29 . 2011-08-24 07:52        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-07-09 02:46 . 2011-08-11 08:13        288768        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2006-05-03 10:06        163328        --sh--r-        c:\windows\SysWOW64\flvDX.dll

2007-02-21 11:47        31232        --sh--r-        c:\windows\SysWOW64\msfDX.dll

2008-03-16 13:30        216064        --sh--r-        c:\windows\SysWOW64\nbDX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2011-09-09 347792]

"WEB.DE Club E-Mail Alarm"="c:\program files (x86)\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe" [2010-04-08 2153472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-04-25 61112]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Directory Opus (Startup).lnk - c:\program files\GPSoftware\Directory Opus\dopus.exe [2011-9-12 16807032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Scanner Finder.lnk - c:\program files (x86)\ScanWizard 5\ScannerFinder.exe [2010-12-18 356352]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-18 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EE761688-C137-4b04-8FAB-3C9CDF0886F0}"= "c:\program files\GPSoftware\Directory Opus\dopuslib32.dll" [2011-09-09 358000]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-09-25 c:\windows\Tasks\HPCeeScheduleForGerhard.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

"icPlus"="c:\program files\icPlus\icPlus.exe" [2011-02-11 548864]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2011-09-09 1354904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uLocal Page = c:\windows\system32\blank.htm

mStart Page = 

mLocal Page = 

IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\i4hv43nm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-09-28  18:14:34 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-09-28 16:14

.

Vor Suchlauf: 13 Verzeichnis(se), 887.337.451.520 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 887.181.012.992 Bytes frei

.

- - End Of File - - C50C9C48A02FF63261BCC6682D1B5AA4

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Hallo cosinus, sorry für die kleine Verspätung. Hier die aswMBR.txt-Datei

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-10-02 14:22:02

-----------------------------

14:22:02.362    OS Version: Windows x64 6.1.7601 Service Pack 1

14:22:02.362    Number of processors: 4 586 0x2505

14:22:02.377    ComputerName: GERHARD-HP  UserName: Gerhard

14:22:05.248    Initialize success

14:25:22.734    AVAST engine defs: 11100201

14:25:34.637    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:25:34.637    Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 8

14:25:34.653    Disk 0 MBR read successfully

14:25:34.653    Disk 0 MBR scan

14:25:34.653    Disk 0 unknown MBR code

14:25:34.653    Service scanning

14:25:34.934    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5

14:25:34.934    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5

14:25:34.934    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5

14:25:34.949    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5

14:25:35.542    Modules scanning

14:25:35.542    Disk 0 trace - called modules:

14:25:35.542    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

14:25:35.542    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004923790]

14:25:35.542    3 CLASSPNP.SYS[fffff880023cd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045f5050]

14:25:38.943    AVAST engine scan C:\Windows

14:25:41.377    AVAST engine scan C:\Windows\system32

14:26:54.478    AVAST engine scan C:\Windows\system32\drivers

14:27:02.793    AVAST engine scan C:\Users\Gerhard

14:36:12.819    AVAST engine scan C:\ProgramData

14:43:16.609    Scan finished successfully

14:43:40.586    Disk 0 MBR has been saved successfully to "C:\Users\Gerhard\Desktop\MBR.dat"

14:43:40.586    The log file has been saved successfully to "C:\Users\Gerhard\Desktop\aswMBR.txt"

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.
Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.