Trojaner-Board - Sinowal ?!

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Sinowal ?! (https://www.trojaner-board.de/104432-sinowal.html)

Hallo zusammen,

gleich vorneweg, ich hab nicht wirklich viel Ahnung, beiße mich aber durch und hoffe auf Eure Hilfe:
Mein Antivir hat Alarm geschlagen und für mehrere Dateien BDS/Sinowal.380901 gemeldet. Ich habe daraufhin einen vollständige Systemprüfung mit Antivir gemacht und die infizierten Dateien später auch unter Quarantäne stellen lassen.

Ich hab dann den Rechner nochmal mit der Kaspersky-Rescue CD geprüft. Da wurden mir zwei .tmp Dateien mit Sinowal.oyz gemeldet, die ich gelöscht habe.

Seitdem kommen keine Warnungen mehr.
Hab aber gelesen, dass man Sinowal nicht so ohne weiteres los wird ?!

Hänge hier noch den antivir-report das gmer logfile dran.
Was soll ich tun ?

Hier noch das OTL Logfile

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Das ist das Malwarebytes Logfile von gestern abend:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8006

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

23.10.2011 21:49:27
mbam-log-2011-10-23 (21-49-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161419
Laufzeit: 5 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Irgendwie kann ich malwarebytes gerade nicht aktualisieren.
Das hängt sich da immer auf. Ich probier mal noch bissel...

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Zitat:

Art des Suchlaufs: Quick-Scan

Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!

So, also Aktualisierung von Malwarebyte geht absolut nicht. Soll ich es nochmal neu installieren ? Hab den Vollscan mit der Version von gestern abend gemacht. Andere Logfiles hab ich nicht.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8006

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

24.10.2011 17:17:51
mbam-log-2011-10-24 (17-17-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|I:\|)
Durchsuchte Objekte: 300244
Laufzeit: 1 Stunde(n), 35 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET log folgt.
Vielen Dank schonmal.

So, also Aktualisierung von Malwarebytes geht absolut nicht. Soll ich es nochmal neu installieren ? Hab den Vollscan mit der Version von gestern abend gemacht. Andere logfiles hab ich nicht.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8006

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

24.10.2011 17:17:51
mbam-log-2011-10-24 (17-17-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|I:\|)
Durchsuchte Objekte: 300244
Laufzeit: 1 Stunde(n), 35 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET log folgt.

Vielen Dank schonmal.

Malwarebytes Log nach Aktualisierung

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8013

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

24.10.2011 21:53:55
mbam-log-2011-10-24 (21-53-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 300385
Laufzeit: 1 Stunde(n), 30 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9f386078d47c7046b93e80d79bfb20a0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 09:31:07
# local_time=2011-10-24 11:31:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 259378 259378 0 0
# compatibility_mode=5892 16776573 100 100 449 157019320 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=149065
# found=0
# cleaned=0
# scan_time=5275

MfG Gerd

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Log

OTL Logfile:

Code:

OTL logfile created on: 25.10.2011 13:59:48 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\gk\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,75 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 64,04% Memory free

5,72 Gb Paging File | 4,66 Gb Available in Paging File | 81,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,04 Gb Total Space | 87,22 Gb Free Space | 60,55% Space Free | Partition Type: NTFS

Drive D: | 144,04 Gb Total Space | 101,21 Gb Free Space | 70,27% Space Free | Partition Type: NTFS

Drive F: | 61,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: GK-PC | User Name: gk | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\gk\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)

PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)

PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

PRC - C:\Users\gk\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()

PRC - C:\Windows\PLFSetI.exe ()

PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)

PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\ACER\Mobility Center\MobilityService.exe ()

PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\74c35ed223614a5c164e8da4188690ae\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6a39ee17f7cefb77c8e98dbfb72b058b\System.Security.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()

MOD - C:\Windows\PLFSetI.exe ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()

MOD - C:\Windows\System32\msjetoledb40.dll ()

MOD - C:\Programme\Launch Manager\PowerUtl.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)

SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)

SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)

SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()

SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)

SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NetPeeker) -- C:\Windows\System32\drivers\netpeeker.sys (eMing Software Inc.)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)

DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)

DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)

DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)

DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)

DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)

DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)

DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)

DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)

DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)

DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)

DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)

DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)

DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)

DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)

DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.05.06 10:58:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 08:36:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.24 12:02:35 | 000,000,000 | ---D | M]

 

[2010.07.20 15:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Extensions

[2010.02.14 08:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2011.10.24 15:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions

[2010.07.20 15:39:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.10.23 00:43:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\gk\AppData\Roaming\mozilla\Firefox\Profiles\ysoa0361.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.10.19 13:51:10 | 000,000,917 | ---- | M] () -- C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml

[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.09.30 09:03:36 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.10.24 12:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2011.06.23 23:15:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.06.23 23:15:23 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.06.23 23:15:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.06.23 23:15:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.06.23 23:15:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O8 - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files\DHL\DHL Bestellhelfer\fillFormContext.html ()

O8 - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files\DHL\DHL Bestellhelfer\assignContext.html ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D13BB00-D191-4664-A7AB-70C1FE2A1D71}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.07.07 22:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun

O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)

O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun

O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell - "" = AutoRun

O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell\AutoRun\command - "" = G:\autorun.exe de

O33 - MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe

O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell - "" = AutoRun

O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)

O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell - "" = AutoRun

O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)

O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell - "" = AutoRun

O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell\AutoRun\command - "" = F:\Startme.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.10.24 22:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.10.24 22:00:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\gk\Desktop\esetsmartinstaller_enu.exe

[2011.10.24 12:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011.10.24 12:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011.10.23 22:21:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\gk\Desktop\OTL.exe

[2011.10.23 22:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2011.10.23 22:07:59 | 000,000,000 | ---D | C] -- C:\log2

[2011.10.23 21:43:06 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Malwarebytes

[2011.10.23 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.10.23 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.10.23 21:42:52 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.10.23 21:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.10.23 19:46:17 | 000,000,000 | ---D | C] -- C:\logs

[2011.10.23 16:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetPeeker

[2011.10.23 16:00:18 | 000,236,400 | ---- | C] (eMing Software Inc.) -- C:\Windows\System32\drivers\netpeeker.sys

[2011.10.23 16:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\NetPeeker

[2011.10.23 15:59:03 | 000,000,000 | ---D | C] -- C:\Neuer Ordner

[2011.10.22 23:46:38 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2011.10.22 23:46:38 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.10.22 08:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue

[2011.10.22 08:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited

[2011.10.22 08:04:18 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited

[2011.10.22 08:04:04 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\OpenCandy

[2011.10.22 08:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP

[2011.10.22 08:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2011.10.22 08:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2011.10.22 08:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Winload

[2011.10.22 08:03:06 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Local\Conduit

[2011.10.22 00:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011.10.21 22:33:01 | 000,000,000 | ---D | C] -- C:\Windows\Profiles

[2011.10.21 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\gk\AppData\Roaming\Avira

[2011.10.21 22:00:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011.10.21 22:00:19 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.10.21 22:00:19 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.10.21 22:00:19 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2011.10.21 22:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011.10.21 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011.10.21 08:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011.10.21 07:47:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO

[2009.01.17 03:02:23 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.10.25 13:57:47 | 000,023,097 | ---- | M] () -- C:\Windows\NetPkr.str

[2011.10.25 13:51:49 | 000,637,346 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.10.25 13:51:49 | 000,594,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.10.25 13:51:49 | 000,128,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.10.25 13:51:49 | 000,106,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.10.25 13:48:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.10.25 13:46:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.10.25 13:46:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.10.25 13:46:37 | 000,088,050 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011.10.25 13:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.10.25 13:46:28 | 2951,053,312 | -HS- | M] () -- C:\hiberfil.sys

[2011.10.25 13:45:54 | 000,003,288 | ---- | M] () -- C:\Windows\NetPkr.Rul

[2011.10.25 05:12:13 | 000,088,050 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011.10.25 01:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.10.24 22:00:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\gk\Desktop\esetsmartinstaller_enu.exe

[2011.10.24 12:06:56 | 000,000,697 | ---- | M] () -- C:\Windows\NPGUI.INI

[2011.10.24 11:44:29 | 000,003,166 | ---- | M] () -- C:\Windows\NETPKR.RUL.4

[2011.10.23 22:21:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\gk\Desktop\OTL.exe

[2011.10.23 21:42:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.23 16:06:36 | 000,003,166 | ---- | M] () -- C:\Windows\NETPKR.RUL.3

[2011.10.23 16:06:16 | 000,003,061 | ---- | M] () -- C:\Windows\NETPKR.RUL.2

[2011.10.23 16:05:47 | 000,002,955 | ---- | M] () -- C:\Windows\NETPKR.RUL.1

[2011.10.23 16:00:19 | 000,236,400 | ---- | M] (eMing Software Inc.) -- C:\Windows\System32\drivers\netpeeker.sys

[2011.10.23 16:00:19 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\NetPeeker 3.30.LNK

[2011.10.23 00:35:23 | 000,311,774 | ---- | M] () -- C:\Users\gk\AppData\Local\census.cache

[2011.10.23 00:35:01 | 000,235,883 | ---- | M] () -- C:\Users\gk\AppData\Local\ars.cache

[2011.10.23 00:24:00 | 000,000,036 | ---- | M] () -- C:\Users\gk\AppData\Local\housecall.guid.cache

[2011.10.22 23:46:36 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk

[2011.10.22 23:46:36 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk

[2011.10.22 08:55:00 | 000,083,968 | ---- | M] () -- C:\Users\gk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.22 08:04:07 | 000,001,738 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2011.10.22 07:56:26 | 000,000,043 | ---- | M] () -- C:\Windows\gswin32.ini

[2011.10.22 07:55:59 | 000,001,832 | ---- | M] () -- C:\Users\gk\Desktop\Cyberlink PowerDirector.lnk

[2011.10.22 00:58:36 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2011.10.21 22:36:31 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf

[2011.10.21 10:23:52 | 000,440,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.10.11 15:06:12 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.10.11 15:06:12 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.10.11 15:06:12 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.10.24 11:44:29 | 000,003,166 | ---- | C] () -- C:\Windows\NETPKR.RUL.4

[2011.10.23 21:42:58 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.23 16:06:36 | 000,003,166 | ---- | C] () -- C:\Windows\NETPKR.RUL.3

[2011.10.23 16:06:16 | 000,003,061 | ---- | C] () -- C:\Windows\NETPKR.RUL.2

[2011.10.23 16:05:47 | 000,002,955 | ---- | C] () -- C:\Windows\NETPKR.RUL.1

[2011.10.23 16:02:21 | 000,000,697 | ---- | C] () -- C:\Windows\NPGUI.INI

[2011.10.23 16:00:34 | 000,023,097 | ---- | C] () -- C:\Windows\NetPkr.str

[2011.10.23 16:00:19 | 000,003,288 | ---- | C] () -- C:\Windows\NetPkr.Rul

[2011.10.23 16:00:19 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\NetPeeker 3.30.LNK

[2011.10.23 00:35:23 | 000,311,774 | ---- | C] () -- C:\Users\gk\AppData\Local\census.cache

[2011.10.23 00:35:01 | 000,235,883 | ---- | C] () -- C:\Users\gk\AppData\Local\ars.cache

[2011.10.23 00:24:00 | 000,000,036 | ---- | C] () -- C:\Users\gk\AppData\Local\housecall.guid.cache

[2011.10.22 08:04:07 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2011.10.22 08:04:07 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

[2011.10.21 22:36:31 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf

[2011.10.21 22:00:51 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2011.10.21 08:53:22 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2011.10.21 08:53:22 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2011.10.21 08:53:22 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2011.03.31 10:01:54 | 000,195,266 | ---- | C] () -- C:\Windows\hppins13.dat

[2011.03.31 10:01:54 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat

[2011.03.31 10:01:43 | 000,000,619 | ---- | C] () -- C:\Windows\System32\hppapr13.dat

[2010.07.20 15:34:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.03.10 18:50:34 | 000,000,740 | ---- | C] () -- C:\Windows\wiso.ini

[2009.12.05 12:48:45 | 000,000,680 | ---- | C] () -- C:\Users\gk\AppData\Local\d3d9caps.dat

[2009.10.14 15:23:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2009.10.14 15:23:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe

[2009.10.14 14:57:57 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini

[2009.06.21 20:13:41 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini

[2009.06.07 21:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.04.08 17:25:20 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2009.03.25 17:48:07 | 000,024,206 | ---- | C] () -- C:\Users\gk\AppData\Roaming\UserTile.png

[2009.03.25 17:39:36 | 000,004,096 | -H-- | C] () -- C:\Users\gk\AppData\Local\keyfile3.drm

[2009.03.16 00:55:45 | 000,083,968 | ---- | C] () -- C:\Users\gk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.03.13 15:11:04 | 000,088,050 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009.03.13 13:47:21 | 000,000,100 | ---- | C] () -- C:\Users\gk\AppData\Roaming\wklnhst.dat

[2009.03.13 13:41:10 | 000,088,050 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009.02.21 15:45:50 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2009.02.21 15:45:50 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2009.02.21 15:45:50 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe

[2009.02.21 15:45:50 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini

[2009.01.17 03:00:54 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

[2009.01.16 20:57:26 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll

[2009.01.16 20:57:26 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll

[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat

[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2009.01.16 19:40:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2009.01.16 19:40:41 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2009.01.16 18:46:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.01.16 18:46:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

[2008.01.21 09:15:58 | 000,637,346 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,128,786 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.03.29 22:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,440,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,594,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,106,596 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

 
 ========== LOP Check ==========

 

[2009.01.16 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Acer GameZone Console

[2010.03.10 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Buhl Data Service

[2010.02.04 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Camfrog

[2011.10.22 08:04:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited

[2009.03.12 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\eSobi

[2009.03.13 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Flood Light Games

[2010.08.29 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Fraunhofer

[2009.03.13 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\FRITZ!

[2011.06.30 16:57:55 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\go

[2011.10.03 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\ICQ

[2009.05.06 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Nokia

[2009.10.04 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OCS

[2011.10.22 08:04:04 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OpenCandy

[2009.10.04 01:37:58 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Opera

[2009.05.06 11:01:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PC Suite

[2009.03.25 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PeerNetworking

[2009.03.27 21:44:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PowerCinema

[2009.03.27 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\SoftDMA

[2011.02.21 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony

[2011.02.21 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony Setup

[2009.10.04 12:09:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\soul.im

[2009.03.13 13:47:21 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Template

[2010.02.14 08:51:42 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TomTom

[2010.01.04 02:37:44 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TuneUp Software

[2009.09.18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Vodafone

[2009.11.27 18:21:38 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Windows Live Writer

[2011.10.25 05:23:28 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.01.16 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Acer GameZone Console

[2009.03.13 15:15:10 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Adobe

[2010.04.06 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Apple Computer

[2011.10.21 22:06:20 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Avira

[2010.03.10 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Buhl Data Service

[2010.02.04 11:30:35 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Camfrog

[2011.10.22 08:04:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Canneverbe Limited

[2009.03.27 21:44:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\CyberLink

[2010.03.03 11:42:17 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\dvdcss

[2009.03.12 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\eSobi

[2009.03.13 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Flood Light Games

[2010.08.29 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Fraunhofer

[2009.03.13 16:06:11 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\FRITZ!

[2011.06.30 16:57:55 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\go

[2009.03.15 00:11:53 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Google

[2011.10.03 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\ICQ

[2009.03.12 19:32:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Identities

[2009.03.12 19:32:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Macromedia

[2011.10.23 21:43:06 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Media Center Programs

[2010.07.08 23:25:21 | 000,000,000 | --SD | M] -- C:\Users\gk\AppData\Roaming\Microsoft

[2010.06.19 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Mozilla

[2009.05.06 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Nokia

[2009.10.04 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OCS

[2011.10.22 08:04:04 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\OpenCandy

[2009.10.04 01:37:58 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Opera

[2009.05.06 11:01:03 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PC Suite

[2009.03.25 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PeerNetworking

[2009.03.27 21:44:45 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\PowerCinema

[2011.10.21 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Skype

[2011.05.28 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\skypePM

[2009.03.27 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\SoftDMA

[2011.02.21 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony

[2011.02.21 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Sony Setup

[2009.10.04 12:09:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\soul.im

[2009.03.13 13:47:21 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Template

[2010.02.14 08:51:42 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TomTom

[2010.01.04 02:37:44 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\TuneUp Software

[2009.03.27 22:05:59 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\vlc

[2009.09.18 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Vodafone

[2011.03.24 22:57:41 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Winamp

[2009.11.27 18:21:38 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\Windows Live Writer

[2009.03.28 23:45:18 | 000,000,000 | ---D | M] -- C:\Users\gk\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010.02.06 17:40:14 | 000,001,406 | R--- | M] () -- C:\Users\gk\AppData\Roaming\Microsoft\Installer\{47D80D13-607F-4F1D-A99B-C66BE2C0293F}\_6FEFF9B68218417F98F549.exe

[2009.10.04 01:37:52 | 000,106,496 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

[2009.10.04 01:37:52 | 000,040,960 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe

[2011.08.01 18:32:56 | 005,845,544 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\gk\AppData\Roaming\OpenCandy\OpenCandy_3BE2CBAB1D0040CFAD51E2A8565B8691\ds_DeDnCD_driverscanner.exe

[2011.10.22 08:04:06 | 000,416,160 | ---- | M] () -- C:\Users\gk\AppData\Roaming\OpenCandy\OpenCandy_3BE2CBAB1D0040CFAD51E2A8565B8691\LatestDLMgr.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: NVSTOR32.SYS  >

[2008.08.19 04:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sataraid\nvstor32.sys

[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sata_ide\nvstor32.sys

[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys

[2008.08.19 04:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_de3b0723\nvstor32.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AB689DEA

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:F3176E45
 

< End of report >

--- --- ---

Danke
MfG Gerd

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_5737z

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"

FF - prefs.js..browser.startup.homepage: "http://www.arcor.de/"

[2011.10.19 13:51:10 | 000,000,917 | ---- | M] () -- C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.07.07 22:46:00 | 000,000,113 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun

O33 - MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)

O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell - "" = AutoRun

O33 - MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell - "" = AutoRun

O33 - MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\Shell\AutoRun\command - "" = G:\autorun.exe de

O33 - MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe

O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell - "" = AutoRun

O33 - MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)

O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell - "" = AutoRun

O33 - MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)

O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell - "" = AutoRun

O33 - MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\Shell\AutoRun\command - "" = F:\Startme.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2008.07.08 04:27:14 | 000,327,680 | R--- | M] (Vodafone)

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A42A9F39

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:AB689DEA

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:05113FB9

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:F3176E45

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ich habe zwar keine Ahnung, was ich hier tue, aber es ist auf jeden Fall sehr spannend :lach:

PHP-Code:

   All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.

C:\Programme\Winload\prxtbWinl.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

File C:\Programme\Winload\prxtbWinl.dll not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine

Prefs.js: "hxxp://www.arcor.de/" removed from browser.startup.homepage

C:\Users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\searchplugins\conduit.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

File C:\Programme\Winload\prxtbWinl.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.

File C:\Programme\Winload\prxtbWinl.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.

File C:\Programme\Winload\prxtbWinl.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

File F:\Autorun.inf not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b102-a44a-11de-9d24-00235a5332dc}\ not found.

File F:\setup_vmc_lite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ef1b107-a44a-11de-9d24-00235a5332dc}\ not found.

File H:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62812691-162d-11de-b22a-00235a5332dc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62812691-162d-11de-b22a-00235a5332dc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62812691-162d-11de-b22a-00235a5332dc}\ not found.

File G:\autorun.exe de not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86d5f771-1933-11df-9839-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86d5f771-1933-11df-9839-00235a5332dc}\ not found.

File I:\InstallTomTomHOME.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab3657be-31bd-11e0-a0cc-a9513bcf59d2}\ not found.

File F:\setup_vmc_lite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba7763a4-a454-11de-97f7-00235a5332dc}\ not found.

File F:\setup_vmc_lite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d465a0e0-3dd1-11e0-aea7-c5e25171a7db}\ not found.

File F:\Startme.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\setup_vmc_lite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.

File H:\setup_vmc_lite.exe /checkApplicationPresence not found.

ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.

ADS C:\ProgramData\Temp:AB689DEA deleted successfully.

ADS C:\ProgramData\Temp:05113FB9 deleted successfully.

ADS C:\ProgramData\Temp:F3176E45 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

 

User: gk

->Temp folder emptied: 304737475 bytes

->Java cache emptied: 63232514 bytes

->FireFox cache emptied: 57808965 bytes

->Flash cache emptied: 285020 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 30016 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 85234833 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 488,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_161652

 
Files\Folders moved on Reboot...

 
Registry entries deleted on Reboot...

MfG Gerd

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

tdsskiller report

PHP-Code:

   17:22:51.0999 4280    TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21

17:22:52.0061 4280    ============================================================

17:22:52.0061 4280    Current date / time: 2011/10/25 17:22:52.0061

17:22:52.0061 4280    SystemInfo:

17:22:52.0061 4280    

17:22:52.0061 4280    OS Version: 6.0.6001 ServicePack: 1.0

17:22:52.0061 4280    Product type: Workstation

17:22:52.0061 4280    ComputerName: GK-PC

17:22:52.0061 4280    UserName: gk

17:22:52.0061 4280    Windows directory: C:\Windows

17:22:52.0061 4280    System windows directory: C:\Windows

17:22:52.0061 4280    Processor architecture: Intel x86

17:22:52.0061 4280    Number of processors: 2

17:22:52.0061 4280    Page size: 0x1000

17:22:52.0061 4280    Boot type: Normal boot

17:22:52.0061 4280    ============================================================

17:22:52.0592 4280    Initialize success

17:23:00.0516 4128    ============================================================

17:23:00.0516 4128    Scan started

17:23:00.0516 4128    Mode: Manual; SigCheck; TDLFS; 

17:23:00.0516 4128    ============================================================

17:23:01.0062 4128    ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

17:23:01.0172 4128    ACPI - ok

17:23:01.0218 4128    adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

17:23:01.0250 4128    adp94xx - ok

17:23:01.0328 4128    adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

17:23:01.0343 4128    adpahci - ok

17:23:01.0406 4128    adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

17:23:01.0421 4128    adpu160m - ok

17:23:01.0452 4128    adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

17:23:01.0468 4128    adpu320 - ok

17:23:01.0562 4128    AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys

17:23:01.0624 4128    AFD - ok

17:23:01.0718 4128    agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

17:23:01.0718 4128    agp440 - ok

17:23:01.0749 4128    aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

17:23:01.0764 4128    aic78xx - ok

17:23:01.0780 4128    aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

17:23:01.0796 4128    aliide - ok

17:23:01.0874 4128    amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

17:23:01.0874 4128    amdagp - ok

17:23:01.0905 4128    amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

17:23:01.0920 4128    amdide - ok

17:23:01.0936 4128    AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

17:23:01.0967 4128    AmdK7 - ok

17:23:02.0045 4128    AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

17:23:02.0092 4128    AmdK8 - ok

17:23:02.0139 4128    arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

17:23:02.0154 4128    arc - ok

17:23:02.0248 4128    arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

17:23:02.0264 4128    arcsas - ok

17:23:02.0310 4128    AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

17:23:02.0342 4128    AsyncMac - ok

17:23:02.0420 4128    atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

17:23:02.0435 4128    atapi - ok

17:23:02.0544 4128    athr            (44362605f5fff00c9b7696b47680a8c5) C:\Windows\system32\DRIVERS\athr.sys

17:23:02.0669 4128    athr - ok

17:23:02.0763 4128    avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

17:23:02.0810 4128    avgntflt - ok

17:23:02.0841 4128    avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys

17:23:02.0856 4128    avipbb - ok

17:23:02.0888 4128    avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

17:23:02.0903 4128    avkmgr - ok

17:23:02.0981 4128    b57nd60x        (ecb5707db7d5183e8bfbbc14b38c09bf) C:\Windows\system32\DRIVERS\b57nd60x.sys

17:23:03.0044 4128    b57nd60x - ok

17:23:03.0137 4128    Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

17:23:03.0168 4128    Beep - ok

17:23:03.0215 4128    blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

17:23:03.0246 4128    blbdrive - ok

17:23:03.0324 4128    bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys

17:23:03.0371 4128    bowser - ok

17:23:03.0465 4128    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

17:23:03.0496 4128    BrFiltLo - ok

17:23:03.0543 4128    BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

17:23:03.0590 4128    BrFiltUp - ok

17:23:03.0668 4128    Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys

17:23:03.0824 4128    Brserid - ok

17:23:03.0917 4128    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

17:23:03.0980 4128    BrSerWdm - ok

17:23:04.0011 4128    BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

17:23:04.0073 4128    BrUsbMdm - ok

17:23:04.0136 4128    BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys

17:23:04.0198 4128    BrUsbSer - ok

17:23:04.0245 4128    BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

17:23:04.0307 4128    BTHMODEM - ok

17:23:04.0385 4128    cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

17:23:04.0432 4128    cdfs - ok

17:23:04.0463 4128    cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

17:23:04.0510 4128    cdrom - ok

17:23:04.0588 4128    circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

17:23:04.0619 4128    circlass - ok

17:23:04.0666 4128    CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

17:23:04.0682 4128    CLFS - ok

17:23:04.0760 4128    CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

17:23:04.0791 4128    CmBatt - ok

17:23:04.0822 4128    cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

17:23:04.0822 4128    cmdide - ok

17:23:04.0900 4128    Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

17:23:04.0900 4128    Compbatt - ok

17:23:04.0931 4128    crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

17:23:04.0947 4128    crcdisk - ok

17:23:04.0978 4128    Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

17:23:05.0009 4128    Crusoe - ok

17:23:05.0118 4128    DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys

17:23:05.0150 4128    DfsC - ok

17:23:05.0196 4128    disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

17:23:05.0212 4128    disk - ok

17:23:05.0274 4128    DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

17:23:05.0290 4128    DKbFltr - ok

17:23:05.0352 4128    DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys

17:23:05.0368 4128    DritekPortIO - ok

17:23:05.0462 4128    drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

17:23:05.0493 4128    drmkaud - ok

17:23:05.0540 4128    DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

17:23:05.0633 4128    DXGKrnl - ok

17:23:05.0711 4128    E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

17:23:05.0758 4128    E1G60 - ok

17:23:05.0820 4128    Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

17:23:05.0820 4128    Ecache - ok

17:23:05.0930 4128    elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

17:23:05.0945 4128    elxstor - ok

17:23:05.0976 4128    ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

17:23:06.0039 4128    ErrDev - ok

17:23:06.0148 4128    exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

17:23:06.0195 4128    exfat - ok

17:23:06.0226 4128    fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

17:23:06.0257 4128    fastfat - ok

17:23:06.0335 4128    fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

17:23:06.0382 4128    fdc - ok

17:23:06.0429 4128    FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

17:23:06.0429 4128    FileInfo - ok

17:23:06.0507 4128    Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

17:23:06.0554 4128    Filetrace - ok

17:23:06.0585 4128    flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

17:23:06.0632 4128    flpydisk - ok

17:23:06.0710 4128    FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

17:23:06.0725 4128    FltMgr - ok

17:23:06.0756 4128    Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

17:23:06.0803 4128    Fs_Rec - ok

17:23:06.0866 4128    gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

17:23:06.0881 4128    gagp30kx - ok

17:23:06.0928 4128    HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

17:23:06.0990 4128    HdAudAddService - ok

17:23:07.0022 4128    HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:23:07.0084 4128    HDAudBus - ok

17:23:07.0146 4128    HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

17:23:07.0209 4128    HidBth - ok

17:23:07.0240 4128    HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

17:23:07.0287 4128    HidIr - ok

17:23:07.0365 4128    HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

17:23:07.0396 4128    HidUsb - ok

17:23:07.0474 4128    HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

17:23:07.0490 4128    HpCISSs - ok

17:23:07.0552 4128    HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys

17:23:07.0568 4128    HPFXBULK - ok

17:23:07.0646 4128    HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

17:23:07.0724 4128    HTTP - ok

17:23:07.0817 4128    hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys

17:23:07.0848 4128    hwdatacard - ok

17:23:07.0942 4128    i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

17:23:07.0958 4128    i2omp - ok

17:23:07.0989 4128    i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

17:23:08.0020 4128    i8042prt - ok

17:23:08.0051 4128    iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

17:23:08.0051 4128    iaStorV - ok

17:23:08.0129 4128    iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

17:23:08.0145 4128    iirsp - ok

17:23:08.0238 4128    IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys

17:23:08.0394 4128    IntcAzAudAddService - ok

17:23:08.0488 4128    intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

17:23:08.0504 4128    intelide - ok

17:23:08.0519 4128    intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

17:23:08.0550 4128    intelppm - ok

17:23:08.0582 4128    IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:23:08.0613 4128    IpFilterDriver - ok

17:23:08.0660 4128    IpInIp - ok

17:23:08.0722 4128    IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

17:23:08.0738 4128    IPMIDRV - ok

17:23:08.0769 4128    IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

17:23:08.0800 4128    IPNAT - ok

17:23:08.0862 4128    IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

17:23:08.0909 4128    IRENUM - ok

17:23:08.0925 4128    isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

17:23:08.0940 4128    isapnp - ok

17:23:08.0972 4128    iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

17:23:08.0972 4128    iScsiPrt - ok

17:23:09.0050 4128    iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

17:23:09.0065 4128    iteatapi - ok

17:23:09.0112 4128    iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

17:23:09.0112 4128    iteraid - ok

17:23:09.0143 4128    JMCR            (4159687fbeeab60486cefd6a58f3a2d7) C:\Windows\system32\DRIVERS\jmcr.sys

17:23:09.0190 4128    JMCR - ok

17:23:09.0268 4128    kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

17:23:09.0284 4128    kbdclass - ok

17:23:09.0315 4128    kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

17:23:09.0346 4128    kbdhid - ok

17:23:09.0408 4128    KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

17:23:09.0440 4128    KSecDD - ok

17:23:09.0518 4128    lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

17:23:09.0549 4128    lltdio - ok

17:23:09.0596 4128    LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

17:23:09.0611 4128    LSI_FC - ok

17:23:09.0627 4128    LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

17:23:09.0642 4128    LSI_SAS - ok

17:23:09.0720 4128    LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

17:23:09.0736 4128    LSI_SCSI - ok

17:23:09.0767 4128    luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

17:23:09.0798 4128    luafv - ok

17:23:09.0830 4128    megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

17:23:09.0830 4128    megasas - ok

17:23:09.0908 4128    MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

17:23:09.0923 4128    MegaSR - ok

17:23:09.0986 4128    Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

17:23:10.0017 4128    Modem - ok

17:23:10.0079 4128    monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

17:23:10.0126 4128    monitor - ok

17:23:10.0157 4128    mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

17:23:10.0173 4128    mouclass - ok

17:23:10.0204 4128    mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

17:23:10.0251 4128    mouhid - ok

17:23:10.0313 4128    MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

17:23:10.0329 4128    MountMgr - ok

17:23:10.0391 4128    mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

17:23:10.0407 4128    mpio - ok

17:23:10.0469 4128    mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

17:23:10.0500 4128    mpsdrv - ok

17:23:10.0547 4128    Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

17:23:10.0563 4128    Mraid35x - ok

17:23:10.0578 4128    MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

17:23:10.0625 4128    MRxDAV - ok

17:23:10.0703 4128    mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:23:10.0734 4128    mrxsmb - ok

17:23:10.0812 4128    mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:23:10.0828 4128    mrxsmb10 - ok

17:23:10.0906 4128    mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:23:10.0922 4128    mrxsmb20 - ok

17:23:10.0984 4128    msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

17:23:11.0000 4128    msahci - ok

17:23:11.0046 4128    msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

17:23:11.0046 4128    msdsm - ok

17:23:11.0109 4128    Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

17:23:11.0156 4128    Msfs - ok

17:23:11.0187 4128    msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

17:23:11.0202 4128    msisadrv - ok

17:23:11.0265 4128    MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

17:23:11.0312 4128    MSKSSRV - ok

17:23:11.0343 4128    MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

17:23:11.0374 4128    MSPCLOCK - ok

17:23:11.0421 4128    MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

17:23:11.0452 4128    MSPQM - ok

17:23:11.0499 4128    MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

17:23:11.0514 4128    MsRPC - ok

17:23:11.0577 4128    mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

17:23:11.0592 4128    mssmbios - ok

17:23:11.0655 4128    MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

17:23:11.0670 4128    MSTEE - ok

17:23:11.0686 4128    Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

17:23:11.0702 4128    Mup - ok

17:23:11.0764 4128    NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

17:23:11.0811 4128    NativeWifiP - ok

17:23:11.0904 4128    NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

17:23:11.0920 4128    NDIS - ok

17:23:11.0951 4128    NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

17:23:11.0998 4128    NdisTapi - ok

17:23:12.0014 4128    Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

17:23:12.0045 4128    Ndisuio - ok

17:23:12.0107 4128    NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

17:23:12.0123 4128    NdisWan - ok

17:23:12.0170 4128    NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

17:23:12.0216 4128    NDProxy - ok

17:23:12.0232 4128    NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

17:23:12.0279 4128    NetBIOS - ok

17:23:12.0341 4128    netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

17:23:12.0372 4128    netbt - ok

17:23:12.0497 4128    NetPeeker       (3595a4d8ed987a5966060c0e5afcf1e2) C:\Windows\system32\DRIVERS\netpeeker.sys

17:23:12.0513 4128    NetPeeker - ok

17:23:12.0622 4128    netr28          (95725c00b580ed75a80e94acbc77cdbc) C:\Windows\system32\DRIVERS\netr28.sys

17:23:12.0700 4128    netr28 - ok

17:23:12.0809 4128    nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

17:23:12.0809 4128    nfrd960 - ok

17:23:12.0856 4128    nmwcd           (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\Windows\system32\drivers\ccdcmb.sys

17:23:12.0887 4128    nmwcd - ok

17:23:12.0965 4128    nmwcdc          (68ec3ee2348e475ea62c66e6aafcfc9b) C:\Windows\system32\drivers\ccdcmbo.sys

17:23:12.0996 4128    nmwcdc - ok

17:23:13.0043 4128    Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

17:23:13.0074 4128    Npfs - ok

17:23:13.0137 4128    nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

17:23:13.0168 4128    nsiproxy - ok

17:23:13.0230 4128    Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

17:23:13.0262 4128    Ntfs - ok

17:23:13.0324 4128    NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys

17:23:13.0340 4128    NTIDrvr - ok

17:23:13.0464 4128    ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

17:23:13.0527 4128    ntrigdigi - ok

17:23:13.0574 4128    Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

17:23:13.0605 4128    Null - ok

17:23:13.0683 4128    NVHDA           (faa22e6256d9fa2c7f77b67c68cdd749) C:\Windows\system32\drivers\nvhda32v.sys

17:23:13.0698 4128    NVHDA - ok

17:23:13.0917 4128    nvlddmkm        (996de3e355af722b340de8ef708651de) C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:23:14.0260 4128    nvlddmkm - ok

17:23:14.0354 4128    nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

17:23:14.0354 4128    nvraid - ok

17:23:14.0385 4128    nvsmu           (af1bd777af00e96c45c77192d7453369) C:\Windows\system32\DRIVERS\nvsmu.sys

17:23:14.0416 4128    nvsmu - ok

17:23:14.0478 4128    nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

17:23:14.0494 4128    nvstor - ok

17:23:14.0541 4128    nvstor32        (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys

17:23:14.0556 4128    nvstor32 - ok

17:23:14.0572 4128    nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

17:23:14.0588 4128    nv_agp - ok

17:23:14.0634 4128    NwlnkFlt - ok

17:23:14.0650 4128    NwlnkFwd - ok

17:23:14.0697 4128    ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

17:23:14.0759 4128    ohci1394 - ok

17:23:14.0790 4128    Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

17:23:14.0853 4128    Parport - ok

17:23:14.0915 4128    partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

17:23:14.0931 4128    partmgr - ok

17:23:14.0962 4128    Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

17:23:15.0009 4128    Parvdm - ok

17:23:15.0056 4128    pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys

17:23:15.0102 4128    pccsmcfd - ok

17:23:15.0165 4128    pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

17:23:15.0180 4128    pci - ok

17:23:15.0212 4128    pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

17:23:15.0227 4128    pciide - ok

17:23:15.0243 4128    pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

17:23:15.0258 4128    pcmcia - ok

17:23:15.0336 4128    PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

17:23:15.0399 4128    PEAUTH - ok

17:23:15.0539 4128    PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

17:23:15.0570 4128    PptpMiniport - ok

17:23:15.0617 4128    Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

17:23:15.0648 4128    Processor - ok

17:23:15.0726 4128    PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

17:23:15.0758 4128    PSched - ok

17:23:15.0820 4128    ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

17:23:15.0929 4128    ql2300 - ok

17:23:16.0023 4128    ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

17:23:16.0038 4128    ql40xx - ok

17:23:16.0101 4128    QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

17:23:16.0116 4128    QWAVEdrv - ok

17:23:16.0132 4128    RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

17:23:16.0163 4128    RasAcd - ok

17:23:16.0226 4128    Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:23:16.0272 4128    Rasl2tp - ok

17:23:16.0304 4128    RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

17:23:16.0335 4128    RasPppoe - ok

17:23:16.0350 4128    RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

17:23:16.0366 4128    RasSstp - ok

17:23:16.0397 4128    rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

17:23:16.0444 4128    rdbss - ok

17:23:16.0522 4128    RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:23:16.0569 4128    RDPCDD - ok

17:23:16.0600 4128    rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

17:23:16.0631 4128    rdpdr - ok

17:23:16.0647 4128    RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

17:23:16.0694 4128    RDPENCDD - ok

17:23:16.0772 4128    RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

17:23:16.0803 4128    RDPWD - ok

17:23:16.0850 4128    RkHit - ok

17:23:16.0881 4128    rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

17:23:16.0912 4128    rspndr - ok

17:23:16.0974 4128    s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys

17:23:16.0990 4128    s0016bus - ok

17:23:17.0052 4128    s0016mdfl       (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys

17:23:17.0068 4128    s0016mdfl - ok

17:23:17.0099 4128    s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys

17:23:17.0115 4128    s0016mdm - ok

17:23:17.0177 4128    s0016mgmt       (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys

17:23:17.0193 4128    s0016mgmt - ok

17:23:17.0240 4128    s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys

17:23:17.0255 4128    s0016nd5 - ok

17:23:17.0271 4128    s0016obex       (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys

17:23:17.0286 4128    s0016obex - ok

17:23:17.0349 4128    s0016unic       (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys

17:23:17.0380 4128    s0016unic - ok

17:23:17.0458 4128    s1039bus        (d0eedc88876b20d42157cdcca3e647f3) C:\Windows\system32\DRIVERS\s1039bus.sys

17:23:17.0474 4128    s1039bus - ok

17:23:17.0536 4128    s1039mdfl       (7b35091a7bb597c86262c589b0b57d06) C:\Windows\system32\DRIVERS\s1039mdfl.sys

17:23:17.0536 4128    s1039mdfl - ok

17:23:17.0598 4128    s1039mdm        (4cb1ab13c9813cbf3e4c6406f8043ec2) C:\Windows\system32\DRIVERS\s1039mdm.sys

17:23:17.0614 4128    s1039mdm - ok

17:23:17.0645 4128    s1039mgmt       (2649ca09585a7531126dcc116ad1f88c) C:\Windows\system32\DRIVERS\s1039mgmt.sys

17:23:17.0661 4128    s1039mgmt - ok

17:23:17.0708 4128    s1039nd5        (6d3f549efd6daedd7d12f3de2175053f) C:\Windows\system32\DRIVERS\s1039nd5.sys

17:23:17.0723 4128    s1039nd5 - ok

17:23:17.0801 4128    s1039obex       (305e3e3aca0037af2e2c1b50a383c91b) C:\Windows\system32\DRIVERS\s1039obex.sys

17:23:17.0817 4128    s1039obex - ok

17:23:17.0832 4128    s1039unic       (7dd02a58277c84c043442561589914f4) C:\Windows\system32\DRIVERS\s1039unic.sys

17:23:17.0848 4128    s1039unic - ok

17:23:17.0910 4128    sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

17:23:17.0926 4128    sbp2port - ok

17:23:17.0988 4128    sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

17:23:18.0035 4128    sdbus - ok

17:23:18.0098 4128    secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

17:23:18.0144 4128    secdrv - ok

17:23:18.0191 4128    Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

17:23:18.0238 4128    Serenum - ok

17:23:18.0285 4128    Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

17:23:18.0332 4128    Serial - ok

17:23:18.0394 4128    sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

17:23:18.0425 4128    sermouse - ok

17:23:18.0456 4128    sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

17:23:18.0488 4128    sffdisk - ok

17:23:18.0550 4128    sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

17:23:18.0581 4128    sffp_mmc - ok

17:23:18.0644 4128    sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

17:23:18.0690 4128    sffp_sd - ok

17:23:18.0753 4128    sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

17:23:18.0800 4128    sfloppy - ok

17:23:18.0909 4128    sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

17:23:18.0924 4128    sisagp - ok

17:23:18.0956 4128    SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

17:23:18.0971 4128    SiSRaid2 - ok

17:23:19.0018 4128    SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

17:23:19.0034 4128    SiSRaid4 - ok

17:23:19.0096 4128    Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

17:23:19.0143 4128    Smb - ok

17:23:19.0268 4128    spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

17:23:19.0268 4128    spldr - ok

17:23:19.0330 4128    srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys

17:23:19.0392 4128    srv - ok

17:23:19.0470 4128    srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys

17:23:19.0502 4128    srv2 - ok

17:23:19.0611 4128    srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys

17:23:19.0642 4128    srvnet - ok

17:23:19.0689 4128    ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

17:23:19.0704 4128    ssmdrv - ok

17:23:19.0767 4128    swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

17:23:19.0782 4128    swenum - ok

17:23:19.0829 4128    Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

17:23:19.0845 4128    Symc8xx - ok

17:23:19.0876 4128    Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

17:23:19.0876 4128    Sym_hi - ok

17:23:19.0954 4128    Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

17:23:19.0954 4128    Sym_u3 - ok

17:23:20.0001 4128    SynTP           (32c0296ae115906679d94957f501e8db) C:\Windows\system32\DRIVERS\SynTP.sys

17:23:20.0016 4128    SynTP - ok

17:23:20.0126 4128    Tcpip           (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys

17:23:20.0266 4128    Tcpip - ok

17:23:20.0406 4128    Tcpip6          (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys

17:23:20.0453 4128    Tcpip6 - ok

17:23:20.0516 4128    tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

17:23:20.0562 4128    tcpipreg - ok

17:23:20.0640 4128    TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

17:23:20.0672 4128    TDPIPE - ok

17:23:20.0750 4128    TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

17:23:20.0781 4128    TDTCP - ok

17:23:20.0812 4128    tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

17:23:20.0859 4128    tdx - ok

17:23:20.0890 4128    TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

17:23:20.0906 4128    TermDD - ok

17:23:21.0015 4128    tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:23:21.0046 4128    tssecsrv - ok

17:23:21.0124 4128    TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

17:23:21.0140 4128    TuneUpUtilitiesDrv - ok

17:23:21.0218 4128    tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

17:23:21.0249 4128    tunmp - ok

17:23:21.0280 4128    tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

17:23:21.0296 4128    tunnel - ok

17:23:21.0358 4128    uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

17:23:21.0374 4128    uagp35 - ok

17:23:21.0420 4128    UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys

17:23:21.0436 4128    UBHelper - ok

17:23:21.0452 4128    udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

17:23:21.0483 4128    udfs - ok

17:23:21.0576 4128    uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

17:23:21.0592 4128    uliagpkx - ok

17:23:21.0654 4128    uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

17:23:21.0670 4128    uliahci - ok

17:23:21.0686 4128    UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

17:23:21.0701 4128    UlSata - ok

17:23:21.0779 4128    ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

17:23:21.0779 4128    ulsata2 - ok

17:23:21.0826 4128    umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

17:23:21.0857 4128    umbus - ok

17:23:21.0904 4128    upperdev        (a34560a5d516a2f5240180370866b99d) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

17:23:21.0920 4128    upperdev - ok

17:23:21.0998 4128    usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

17:23:22.0013 4128    usbccgp - ok

17:23:22.0060 4128    usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

17:23:22.0107 4128    usbcir - ok

17:23:22.0122 4128    usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys

17:23:22.0169 4128    usbehci - ok

17:23:22.0247 4128    usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys

17:23:22.0278 4128    usbhub - ok

17:23:22.0310 4128    usbohci         (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys

17:23:22.0341 4128    usbohci - ok

17:23:22.0372 4128    usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

17:23:22.0419 4128    usbprint - ok

17:23:22.0497 4128    usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

17:23:22.0544 4128    usbscan - ok

17:23:22.0606 4128    usbser          (a96191470581a7091420d25ecd444502) C:\Windows\system32\drivers\usbser.sys

17:23:22.0637 4128    usbser - ok

17:23:22.0715 4128    UsbserFilt      (6410eebd6e0427466812858ee84c8467) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

17:23:22.0731 4128    UsbserFilt - ok

17:23:22.0778 4128    USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:23:22.0824 4128    USBSTOR - ok

17:23:22.0902 4128    usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

17:23:22.0949 4128    usbuhci - ok

17:23:22.0980 4128    usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

17:23:23.0012 4128    usbvideo - ok

17:23:23.0074 4128    VClone - ok

17:23:23.0105 4128    vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

17:23:23.0152 4128    vga - ok

17:23:23.0168 4128    VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

17:23:23.0199 4128    VgaSave - ok

17:23:23.0261 4128    viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

17:23:23.0277 4128    viaagp - ok

17:23:23.0308 4128    ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

17:23:23.0339 4128    ViaC7 - ok

17:23:23.0355 4128    viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

17:23:23.0370 4128    viaide - ok

17:23:23.0433 4128    volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

17:23:23.0433 4128    volmgr - ok

17:23:23.0464 4128    volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

17:23:23.0480 4128    volmgrx - ok

17:23:23.0511 4128    volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

17:23:23.0526 4128    volsnap - ok

17:23:23.0542 4128    vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

17:23:23.0558 4128    vsmraid - ok

17:23:23.0636 4128    WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

17:23:23.0698 4128    WacomPen - ok

17:23:23.0729 4128    Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

17:23:23.0760 4128    Wanarp - ok

17:23:23.0760 4128    Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

17:23:23.0792 4128    Wanarpv6 - ok

17:23:23.0870 4128    Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

17:23:23.0870 4128    Wd - ok

17:23:23.0932 4128    Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

17:23:23.0963 4128    Wdf01000 - ok

17:23:24.0104 4128    winusb          (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\winusb.sys

17:23:24.0150 4128    winusb - ok

17:23:24.0228 4128    WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:23:24.0275 4128    WmiAcpi - ok

17:23:24.0353 4128    WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

17:23:24.0384 4128    WpdUsb - ok

17:23:24.0462 4128    ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

17:23:24.0509 4128    ws2ifsl - ok

17:23:24.0556 4128    WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:23:24.0587 4128    WUDFRd - ok

17:23:24.0618 4128    MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

17:23:24.0696 4128    \Device\Harddisk0\DR0 - ok

17:23:24.0712 4128    Boot (0x1200)   (7e89af5869d05129a58c5de8606654f0) \Device\Harddisk0\DR0\Partition0

17:23:24.0712 4128    \Device\Harddisk0\DR0\Partition0 - ok

17:23:24.0728 4128    Boot (0x1200)   (afd315f54976c640ae2062d73a53bace) \Device\Harddisk0\DR0\Partition1

17:23:24.0728 4128    \Device\Harddisk0\DR0\Partition1 - ok

17:23:24.0728 4128    ============================================================

17:23:24.0728 4128    Scan finished

17:23:24.0728 4128    ============================================================

17:23:24.0759 1588    Detected object count: 0

17:23:24.0759 1588    Actual detected object count: 0

MfG Gerd

Bitte NICHT in PHP-Tags posten! Verwende CODE-Tags!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 11-10-26.01 - gk 26.10.2011   9:33.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2813.1756 [GMT 2:00]

ausgeführt von:: c:\users\gk\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\IsUn0407.exe

c:\windows\system32\CddbCdda.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RKHIT

-------\Service_RkHit

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-09-26 bis 2011-10-26  ))))))))))))))))))))))))))))))

.

.

2011-10-26 07:42 . 2011-10-26 07:42        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D18A51-9D08-4474-B6CE-B1CC87B8234A}\offreg.dll

2011-10-26 07:40 . 2011-10-26 07:40        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-10-25 14:16 . 2011-10-25 14:16        --------        d-----w-        C:\_OTL

2011-10-24 20:00 . 2011-10-24 20:00        --------        d-----w-        c:\program files\ESET

2011-10-24 10:03 . 2011-10-24 10:03        --------        d-----w-        c:\program files\Common Files\Java

2011-10-24 10:02 . 2011-10-03 03:06        476904        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-10-24 10:02 . 2011-10-03 03:06        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-10-23 20:07 . 2011-10-23 20:08        --------        d-----w-        C:\log2

2011-10-23 19:43 . 2011-10-23 19:43        --------        d-----w-        c:\users\gk\AppData\Roaming\Malwarebytes

2011-10-23 19:42 . 2011-10-23 19:42        --------        d-----w-        c:\programdata\Malwarebytes

2011-10-23 19:42 . 2011-10-23 19:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-10-23 19:42 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-10-23 17:46 . 2011-10-25 14:20        --------        d-----w-        C:\logs

2011-10-23 14:00 . 2011-10-24 09:44        --------        d-----w-        c:\program files\NetPeeker

2011-10-23 14:00 . 2011-10-23 14:00        236400        ----a-w-        c:\windows\system32\drivers\netpeeker.sys

2011-10-23 13:59 . 2011-10-23 13:59        --------        d-----w-        C:\Neuer Ordner

2011-10-22 21:46 . 2011-07-15 09:35        21312        ----a-w-        c:\windows\system32\authuitu.dll

2011-10-22 21:46 . 2011-07-15 09:35        30016        ----a-w-        c:\windows\system32\uxtuneup.dll

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\programdata\Uniblue

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\programdata\Canneverbe Limited

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\users\gk\AppData\Roaming\Canneverbe Limited

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\program files\CDBurnerXP

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\users\gk\AppData\Roaming\OpenCandy

2011-10-22 06:03 . 2011-10-22 06:03        --------        d-----w-        c:\program files\Conduit

2011-10-22 06:03 . 2011-10-25 14:16        --------        d-----w-        c:\program files\Winload

2011-10-22 06:03 . 2011-10-22 06:03        --------        d-----w-        c:\users\gk\AppData\Local\Conduit

2011-10-21 20:33 . 2011-10-21 20:33        --------        d-----w-        c:\windows\Profiles

2011-10-21 20:06 . 2011-10-21 20:06        --------        d-----w-        c:\users\gk\AppData\Roaming\Avira

2011-10-21 20:00 . 2011-10-11 13:06        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-10-21 20:00 . 2011-10-11 13:06        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-10-21 20:00 . 2011-10-11 13:06        134344        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-10-21 20:00 . 2011-10-21 22:58        --------        d-----w-        c:\programdata\Avira

2011-10-21 20:00 . 2011-10-21 20:00        --------        d-----w-        c:\program files\Avira

2011-10-21 06:57 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D18A51-9D08-4474-B6CE-B1CC87B8234A}\mpengine.dll

2011-10-21 06:51 . 2011-05-28 06:09        638232        ----a-w-        c:\program files\Internet Explorer\iexplore.exe

2011-10-21 06:51 . 2010-05-27 19:16        81920        ----a-w-        c:\windows\system32\iccvid.dll

2011-10-21 06:51 . 2010-10-19 04:27        7680        ----a-w-        c:\program files\Internet Explorer\iecompat.dll

2011-10-21 06:51 . 2010-08-17 13:32        126464        ----a-w-        c:\windows\system32\spoolsv.exe

2011-10-21 06:51 . 2010-09-06 16:24        125952        ----a-w-        c:\windows\system32\srvsvc.dll

2011-10-21 06:51 . 2010-09-06 16:23        17920        ----a-w-        c:\windows\system32\netevent.dll

2011-10-21 06:49 . 2011-02-18 13:31        304640        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-10-21 06:49 . 2011-04-14 14:24        75264        ----a-w-        c:\windows\system32\drivers\dfsc.sys

2011-10-21 06:49 . 2010-10-12 15:48        33280        ----a-w-        c:\program files\Windows Mail\wabfind.dll

2011-10-21 06:49 . 2010-10-12 13:52        66048        ----a-w-        c:\program files\Windows Mail\wabmig.exe

2011-10-21 06:49 . 2010-10-12 13:52        515584        ----a-w-        c:\program files\Windows Mail\wab.exe

2011-10-21 06:49 . 2011-02-22 12:51        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys

2011-10-21 06:49 . 2010-10-18 14:01        81920        ----a-w-        c:\windows\system32\consent.exe

2011-10-21 06:49 . 2011-04-30 06:09        758784        ----a-w-        c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-10-21 06:44 . 2010-12-28 14:57        409600        ----a-w-        c:\windows\system32\odbc32.dll

2011-10-21 06:44 . 2010-12-28 14:56        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll

2011-10-21 06:44 . 2010-12-28 14:56        57344        ----a-w-        c:\program files\Common Files\System\msadc\msadcs.dll

2011-10-21 06:44 . 2010-12-28 14:56        253952        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll

2011-10-21 06:44 . 2010-12-28 14:56        241664        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll

2011-10-21 06:44 . 2010-12-28 14:56        180224        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll

2011-10-21 06:43 . 2010-12-17 16:43        2067456        ----a-w-        c:\windows\system32\mstscax.dll

2011-10-21 06:43 . 2010-12-17 15:06        677888        ----a-w-        c:\windows\system32\mstsc.exe

2011-10-21 06:43 . 2010-08-31 15:40        531968        ----a-w-        c:\windows\system32\comctl32.dll

2011-10-21 06:42 . 2011-04-29 14:54        276992        ----a-w-        c:\windows\system32\schannel.dll

2011-10-21 05:47 . 2011-10-21 05:47        --------        d-----w-        c:\windows\system32\IO

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-30 06:38 . 2011-06-23 21:17        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-28 119608]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2008-12-18 690720]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-09 870920]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-11 13560352]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-11 92704]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]

"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"NvCplDaemonTool"=rundll32.exe _IWMPEvents

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

"WinampAgent"="c:\program files\Winamp\winampa.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

"Ocs_SM"=c:\users\gk\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-29 109920]

R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-08-09 419328]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]

R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]

R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]

R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]

R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]

R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]

R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]

S1 NetPeeker;Net-Peeker Kernel Driver;c:\windows\system32\DRIVERS\netpeeker.sys [2011-10-23 236400]

S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2008-12-18 653856]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-07-15 1052480]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-29 223232]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:09]

.

2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:09]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

mStart Page = 

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Felder mit Bestellhelfer ausfüllen - file://c:\program files\DHL\DHL Bestellhelfer\fillFormContext.html

IE: Felder mit Bestellhelfer merken - file://c:\program files\DHL\DHL Bestellhelfer\assignContext.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(1356)

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\FRITZ!DSL\IGDCTRL.EXE

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-10-26  09:50:43 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-10-26 07:50

.

Vor Suchlauf: 13 Verzeichnis(se), 92.838.678.528 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 92.480.536.576 Bytes frei

.

- - End Of File - - E677ACAE66776C03C5508E4987343E16

--- --- ---

MfG Gerd

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Folder::

c:\program files\Conduit

c:\program files\Winload

c:\users\gk\AppData\Local\Conduit

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Combofix Logfile:

Code:

ComboFix 11-10-26.01 - gk 26.10.2011  14:15:36.2.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2813.1797 [GMT 2:00]

ausgeführt von:: c:\users\gk\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\gk\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\program files\Winload

c:\program files\Winload\GottenAppsContextMenu.xml

c:\program files\Winload\OtherAppsContextMenu.xml

c:\program files\Winload\SharedAppsContextMenu.xml

c:\program files\Winload\tbWinl.dll

c:\program files\Winload\toolbar.cfg

c:\program files\Winload\ToolbarContextMenu.xml

c:\program files\Winload\uninstall.exe

c:\program files\Winload\UNWISE.INI

c:\program files\Winload\WinloadToolbarHelper.exe

c:\users\gk\AppData\Local\Conduit

c:\users\gk\AppData\Local\Conduit\CT2319825\WinloadAutoUpdateHelper.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-09-26 bis 2011-10-26  ))))))))))))))))))))))))))))))

.

.

2011-10-26 12:21 . 2011-10-26 12:21        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-10-26 11:53 . 2011-10-26 11:53        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D18A51-9D08-4474-B6CE-B1CC87B8234A}\offreg.dll

2011-10-26 07:50 . 2011-10-26 12:22        --------        d-----w-        c:\users\gk\AppData\Local\temp

2011-10-25 14:16 . 2011-10-25 14:16        --------        d-----w-        C:\_OTL

2011-10-24 20:00 . 2011-10-24 20:00        --------        d-----w-        c:\program files\ESET

2011-10-24 10:03 . 2011-10-24 10:03        --------        d-----w-        c:\program files\Common Files\Java

2011-10-24 10:02 . 2011-10-03 03:06        476904        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-10-24 10:02 . 2011-10-03 03:06        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-10-23 20:07 . 2011-10-23 20:08        --------        d-----w-        C:\log2

2011-10-23 19:43 . 2011-10-23 19:43        --------        d-----w-        c:\users\gk\AppData\Roaming\Malwarebytes

2011-10-23 19:42 . 2011-10-23 19:42        --------        d-----w-        c:\programdata\Malwarebytes

2011-10-23 19:42 . 2011-10-23 19:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-10-23 19:42 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-10-23 17:46 . 2011-10-25 14:20        --------        d-----w-        C:\logs

2011-10-23 14:00 . 2011-10-24 09:44        --------        d-----w-        c:\program files\NetPeeker

2011-10-23 14:00 . 2011-10-23 14:00        236400        ----a-w-        c:\windows\system32\drivers\netpeeker.sys

2011-10-23 13:59 . 2011-10-23 13:59        --------        d-----w-        C:\Neuer Ordner

2011-10-22 21:46 . 2011-07-15 09:35        21312        ----a-w-        c:\windows\system32\authuitu.dll

2011-10-22 21:46 . 2011-07-15 09:35        30016        ----a-w-        c:\windows\system32\uxtuneup.dll

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\programdata\Uniblue

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\programdata\Canneverbe Limited

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\users\gk\AppData\Roaming\Canneverbe Limited

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\program files\CDBurnerXP

2011-10-22 06:04 . 2011-10-22 06:04        --------        d-----w-        c:\users\gk\AppData\Roaming\OpenCandy

2011-10-22 06:03 . 2011-10-25 14:17        --------        d-----w-        c:\program files\ConduitEngine

2011-10-21 20:33 . 2011-10-21 20:33        --------        d-----w-        c:\windows\Profiles

2011-10-21 20:06 . 2011-10-21 20:06        --------        d-----w-        c:\users\gk\AppData\Roaming\Avira

2011-10-21 20:00 . 2011-10-11 13:06        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-10-21 20:00 . 2011-10-11 13:06        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-10-21 20:00 . 2011-10-11 13:06        134344        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-10-21 20:00 . 2011-10-21 22:58        --------        d-----w-        c:\programdata\Avira

2011-10-21 20:00 . 2011-10-21 20:00        --------        d-----w-        c:\program files\Avira

2011-10-21 06:57 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D18A51-9D08-4474-B6CE-B1CC87B8234A}\mpengine.dll

2011-10-21 06:51 . 2011-05-28 06:09        638232        ----a-w-        c:\program files\Internet Explorer\iexplore.exe

2011-10-21 06:51 . 2010-05-27 19:16        81920        ----a-w-        c:\windows\system32\iccvid.dll

2011-10-21 06:51 . 2010-10-19 04:27        7680        ----a-w-        c:\program files\Internet Explorer\iecompat.dll

2011-10-21 06:51 . 2010-08-17 13:32        126464        ----a-w-        c:\windows\system32\spoolsv.exe

2011-10-21 06:51 . 2010-09-06 16:24        125952        ----a-w-        c:\windows\system32\srvsvc.dll

2011-10-21 06:51 . 2010-09-06 16:23        17920        ----a-w-        c:\windows\system32\netevent.dll

2011-10-21 06:49 . 2011-02-18 13:31        304640        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-10-21 06:49 . 2011-04-14 14:24        75264        ----a-w-        c:\windows\system32\drivers\dfsc.sys

2011-10-21 06:49 . 2010-10-12 15:48        33280        ----a-w-        c:\program files\Windows Mail\wabfind.dll

2011-10-21 06:49 . 2010-10-12 13:52        66048        ----a-w-        c:\program files\Windows Mail\wabmig.exe

2011-10-21 06:49 . 2010-10-12 13:52        515584        ----a-w-        c:\program files\Windows Mail\wab.exe

2011-10-21 06:49 . 2011-02-22 12:51        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys

2011-10-21 06:49 . 2010-10-18 14:01        81920        ----a-w-        c:\windows\system32\consent.exe

2011-10-21 06:49 . 2011-04-30 06:09        758784        ----a-w-        c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-10-21 06:44 . 2010-12-28 14:57        409600        ----a-w-        c:\windows\system32\odbc32.dll

2011-10-21 06:44 . 2010-12-28 14:56        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll

2011-10-21 06:44 . 2010-12-28 14:56        57344        ----a-w-        c:\program files\Common Files\System\msadc\msadcs.dll

2011-10-21 06:44 . 2010-12-28 14:56        253952        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll

2011-10-21 06:44 . 2010-12-28 14:56        241664        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll

2011-10-21 06:44 . 2010-12-28 14:56        180224        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll

2011-10-21 06:43 . 2010-12-17 16:43        2067456        ----a-w-        c:\windows\system32\mstscax.dll

2011-10-21 06:43 . 2010-12-17 15:06        677888        ----a-w-        c:\windows\system32\mstsc.exe

2011-10-21 06:43 . 2010-08-31 15:40        531968        ----a-w-        c:\windows\system32\comctl32.dll

2011-10-21 06:42 . 2011-04-29 14:54        276992        ----a-w-        c:\windows\system32\schannel.dll

2011-10-21 05:47 . 2011-10-21 05:47        --------        d-----w-        c:\windows\system32\IO

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-30 06:38 . 2011-06-23 21:17        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-28 119608]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2008-12-18 690720]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-09 870920]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-11 13560352]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-11 92704]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]

"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"NvCplDaemonTool"=rundll32.exe _IWMPEvents

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

"WinampAgent"="c:\program files\Winamp\winampa.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

"Ocs_SM"=c:\users\gk\AppData\Roaming\OCS\SM\SearchAnonymizer.exe

"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-29 109920]

R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-08-09 419328]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]

R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]

R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]

R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]

R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]

R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]

R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]

S1 NetPeeker;Net-Peeker Kernel Driver;c:\windows\system32\DRIVERS\netpeeker.sys [2011-10-23 236400]

S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2008-12-18 653856]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-07-15 1052480]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-29 223232]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:09]

.

2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:09]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

mStart Page = 

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Felder mit Bestellhelfer ausfüllen - file://c:\program files\DHL\DHL Bestellhelfer\fillFormContext.html

IE: Felder mit Bestellhelfer merken - file://c:\program files\DHL\DHL Bestellhelfer\assignContext.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Winload Toolbar - c:\progra~1\Winload\UNINST~1.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-10-26 14:22

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2011-10-26  14:25:10

ComboFix-quarantined-files.txt  2011-10-26 12:25

ComboFix2.txt  2011-10-26 07:50

.

Vor Suchlauf: 19 Verzeichnis(se), 92.411.940.864 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 92.378.664.960 Bytes frei

.

- - End Of File - - 6E62319D8E4AB88BCAD67F2184221FB3

--- --- ---

MfG Gerd

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Also Gmer ging absolut nicht.

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 17:56:43 on 26.10.2011
 

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.23
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\gk\AppData\Local\Temp\catchme.sys  (File not found)

"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"pgtdqpoc" (pgtdqpoc) - ? - C:\Users\gk\AppData\Local\Temp\pgtdqpoc.sys  (Hidden registry entry, rootkit activity | File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys

"VClone" (VClone) - ? - C:\Windows\System32\DRIVERS\VClone.sys  (File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Click to call with Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{23BC42E9-46AB-481f-A200-69524B689A6B} "DHL Bestellhelfer" - ? -   (File not found | COM-object registry key not found)

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\gk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe

"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe

"MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

"PLFSetI" - ? - C:\Windows\PLFSetI.exe

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Program Files\Common Files\AVM\de_serv.exe

"AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-26 18:02:13
-----------------------------
18:02:13.723 OS Version: Windows 6.0.6001 Service Pack 1
18:02:13.723 Number of processors: 2 586 0x170A
18:02:13.723 ComputerName: GK-PC UserName: gk
18:02:30.384 Initialize success
18:03:54.164 AVAST engine defs: 11102600
18:04:04.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000a4
18:04:04.476 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
18:04:06.519 Disk 0 MBR read successfully
18:04:06.519 Disk 0 MBR scan
18:04:06.551 Disk 0 Windows VISTA default MBR code
18:04:06.566 Disk 0 scanning sectors +625139712
18:04:06.660 Disk 0 scanning C:\Windows\system32\drivers
18:04:24.990 Service scanning
18:04:26.222 Modules scanning
18:04:33.117 Disk 0 trace - called modules:
18:04:33.149 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
18:04:33.149 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852fe4f0]
18:04:33.149 3 CLASSPNP.SYS[895de745] -> nt!IofCallDriver -> [0x85188700]
18:04:33.164 5 acpi.sys[8069e6a0] -> nt!IofCallDriver -> \Device\000000a4[0x84d72900]
18:04:34.194 AVAST engine scan C:\Windows
18:04:42.743 AVAST engine scan C:\Windows\system32
18:07:50.052 AVAST engine scan C:\Windows\system32\drivers
18:08:02.017 AVAST engine scan C:\Users\gk
18:12:42.177 AVAST engine scan C:\ProgramData
18:15:22.998 Scan finished successfully
18:15:39.393 Disk 0 MBR has been saved successfully to "C:\Users\gk\Desktop\MBR.dat"
18:15:39.393 The log file has been saved successfully to "C:\Users\gk\Desktop\aswMBR.txt"

MfG Gerd

Hab das mit gmer doch noch hingekriegt:

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-10-26 19:44:12

Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\000000a4 Hitachi_ rev.FB4O

Running: 34hi7d1i.exe; Driver: C:\Users\gk\AppData\Local\Temp\pgtdqpoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8B3C9626                                   ZwCreateSection

SSDT            8B3C95FE                                   ZwCreateSymbolicLinkObject

SSDT            8B3C9603                                   ZwLoadDriver

SSDT            8B3C95F9                                   ZwOpenSection

SSDT            8B3C9630                                   ZwRequestWaitReplyPort

SSDT            8B3C962B                                   ZwSetContextThread

SSDT            8B3C9635                                   ZwSetSecurityObject

SSDT            8B3C9608                                   ZwSetSystemInformation

SSDT            8B3C963A                                   ZwSystemDebugControl

SSDT            8B3C95C7                                   ZwTerminateProcess

SSDT            8B3C95C2                                   ZwWriteVirtualMemory
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetTimerEx + 448            81CECB0C 4 Bytes  [26, 96, 3C, 8B]

.text           ntkrnlpa.exe!KeSetTimerEx + 450            81CECB14 4 Bytes  [FE, 95, 3C, 8B]

.text           ntkrnlpa.exe!KeSetTimerEx + 5B0            81CECC74 4 Bytes  [03, 96, 3C, 8B]

.text           ntkrnlpa.exe!KeSetTimerEx + 630            81CECCF4 4 Bytes  [F9, 95, 3C, 8B] {STC ; XCHG EBP, EAX; CMP AL, 0x8b}

.text           ntkrnlpa.exe!KeSetTimerEx + 76C            81CECE30 4 Bytes  [30, 96, 3C, 8B]

.text           ...                                        

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys   section is writeable [0x8D207340, 0x3F97E7, 0xE8000020]

?               C:\Users\gk\AppData\Local\Temp\aswMBR.sys  Das System kann die angegebene Datei nicht finden. !
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

So, hier sind die Logfiles:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8025

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

27.10.2011 00:28:30
mbam-log-2011-10-27 (00-28-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 300818
Laufzeit: 51 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/27/2011 at 02:06 AM

Application Version : 5.0.1134

Core Rules Database Version : 7854
Trace Rules Database Version: 5666

Scan type : Complete Scan
Total Scan Time : 01:25:24

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Administrator

Memory items scanned : 794
Memory threats detected : 0
Registry items scanned : 38553
Registry threats detected : 0
File items scanned : 138400
File threats detected : 173

Adware.Tracking Cookie
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.adc-serv[2].txt [ /ad.adc-serv ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.adnet[2].txt [ /ad.adnet ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.zanox[2].txt [ /ad.zanox ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad1.adfarm1.adition[1].txt [ /ad1.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad2.adfarm1.adition[2].txt [ /ad2.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad3.adfarm1.adition[2].txt [ /ad3.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad3.adfarm1.adition[3].txt [ /ad3.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adfarm1.adition[1].txt [ /adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ads.creative-serving[2].txt [ /ads.creative-serving ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adserv.kwick[2].txt [ /adserv.kwick ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adserver.traffictrack[2].txt [ /adserver.traffictrack ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adservercentral[2].txt [ /adservercentral ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adtech[1].txt [ /adtech ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@advertising[2].txt [ /advertising ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@apmebf[1].txt [ /apmebf ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@atdmt.combing[2].txt [ /atdmt.combing ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@atdmt[1].txt [ /atdmt ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@atwola[2].txt [ /atwola ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@bs.serving-sys[1].txt [ /bs.serving-sys ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@content.yieldmanager[2].txt [ /content.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@content.yieldmanager[3].txt [ /content.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@content.yieldmanager[4].txt [ /content.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@content.yieldmanager[5].txt [ /content.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@doubleclick[1].txt [ /doubleclick ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@eyewonder[2].txt [ /eyewonder ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@fastclick[1].txt [ /fastclick ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@googleads.g.doubleclick[1].txt [ /googleads.g.doubleclick ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@imrworldwide[2].txt [ /imrworldwide ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@invitemedia[1].txt [ /invitemedia ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@mediaplex[2].txt [ /mediaplex ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@microsoftwllivemkt.112.2o7[1].txt [ /microsoftwllivemkt.112.2o7 ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@questionmarket[2].txt [ /questionmarket ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@revsci[2].txt [ /revsci ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@serving-sys[1].txt [ /serving-sys ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@sevenoneintermedia.112.2o7[1].txt [ /sevenoneintermedia.112.2o7 ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@smartadserver[2].txt [ /smartadserver ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tacoda[1].txt [ /tacoda ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tracking.hannoversche[2].txt [ /tracking.hannoversche ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tracking.mindshare[1].txt [ /tracking.mindshare ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tracking.quisma[2].txt [ /tracking.quisma ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tradedoubler[1].txt [ /tradedoubler ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tradedoubler[2].txt [ /tradedoubler ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tradedoubler[3].txt [ /tradedoubler ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tradedoubler[4].txt [ /tradedoubler ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@traffictrack[1].txt [ /traffictrack ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@vdwp.solution.weborama[2].txt [ /vdwp.solution.weborama ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@webmasterplan[2].txt [ /webmasterplan ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@weborama[1].txt [ /weborama ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@www.active-tracking[1].txt [ /www.active-tracking ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@www.adservercentral[1].txt [ /www.adservercentral ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@www.zanox-affiliate[1].txt [ /www.zanox-affiliate ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@zanox-affiliate[2].txt [ /zanox-affiliate ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@zanox[1].txt [ /zanox ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@zbox.zanox[2].txt [ /zbox.zanox ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\gk@adsonar[2].txt [ Cookie:gk@adsonar.com/adserving ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@tracking.klicktel[2].txt [ Cookie:gk@tracking.klicktel.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.zanox-affiliate[2].txt [ Cookie:gk@www.zanox-affiliate.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@fr.sitestat[2].txt [ Cookie:gk@fr.sitestat.com/renault-group/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@zanox[2].txt [ Cookie:gk@zanox.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@zanox-affiliate[2].txt [ Cookie:gk@zanox-affiliate.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@specificclick[1].txt [ Cookie:gk@specificclick.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[2].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1043602441/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@webmasterplan[1].txt [ Cookie:gk@webmasterplan.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@tradedoubler[1].txt [ Cookie:gk@tradedoubler.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@atdmt[1].txt [ Cookie:gk@atdmt.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@doubleclick[2].txt [ Cookie:gk@doubleclick.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@tracking.mlsat02[1].txt [ Cookie:gk@tracking.mlsat02.de/tmobile/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@rotator.adjuggler[1].txt [ Cookie:gk@rotator.adjuggler.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@traffictrack[1].txt [ Cookie:gk@traffictrack.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ww251.smartadserver[1].txt [ Cookie:gk@ww251.smartadserver.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@tracking.quisma[2].txt [ Cookie:gk@tracking.quisma.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad.adnet[1].txt [ Cookie:gk@ad.adnet.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[5].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1066732035/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@112.2o7[2].txt [ Cookie:gk@112.2o7.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@adxpose[1].txt [ Cookie:gk@adxpose.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@bs.serving-sys[1].txt [ Cookie:gk@bs.serving-sys.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@advertising[1].txt [ Cookie:gk@advertising.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@eas.apm.emediate[2].txt [ Cookie:gk@eas.apm.emediate.eu/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[3].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1059341893/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad.adserver01[1].txt [ Cookie:gk@ad.adserver01.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@statse.webtrendslive[2].txt [ Cookie:gk@statse.webtrendslive.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@bluestreak[1].txt [ Cookie:gk@bluestreak.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ehg-systemax.hitbox[1].txt [ Cookie:gk@ehg-systemax.hitbox.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@mediaplex[2].txt [ Cookie:gk@mediaplex.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[4].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1029724545/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@fr.sitestat[1].txt [ Cookie:gk@fr.sitestat.com/renault-group/renault-de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@vodafonegroup.122.2o7[1].txt [ Cookie:gk@vodafonegroup.122.2o7.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@apmebf[1].txt [ Cookie:gk@apmebf.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[1].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1019406294/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ero-advertising[1].txt [ Cookie:gk@ero-advertising.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@media6degrees[1].txt [ Cookie:gk@media6degrees.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@serving-sys[1].txt [ Cookie:gk@serving-sys.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@e-2dj6wgliald5ofo.stats.esomniture[2].txt [ Cookie:gk@e-2dj6wgliald5ofo.stats.esomniture.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@track.effiliation[1].txt [ Cookie:gk@track.effiliation.com/servlet/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@adfarm1.adition[1].txt [ Cookie:gk@adfarm1.adition.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad1.power-media[1].txt [ Cookie:gk@ad1.power-media.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@im.banner.t-online[1].txt [ Cookie:gk@im.banner.t-online.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@xiti[1].txt [ Cookie:gk@xiti.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@content.yieldmanager[3].txt [ Cookie:gk@content.yieldmanager.com/ak/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad.yieldmanager[1].txt [ Cookie:gk@ad.yieldmanager.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@cdn5.specificclick[1].txt [ Cookie:gk@cdn5.specificclick.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@gemoneysdenac.112.2o7[1].txt [ Cookie:gk@gemoneysdenac.112.2o7.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad.zanox[2].txt [ Cookie:gk@ad.zanox.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@hitbox[2].txt [ Cookie:gk@hitbox.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@de.sitestat[2].txt [ Cookie:gk@de.sitestat.com/cicero/freies-wort/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@daimlerag.122.2o7[1].txt [ Cookie:gk@daimlerag.122.2o7.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.etracker[1].txt [ Cookie:gk@www.etracker.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad2.adfarm1.adition[1].txt [ Cookie:gk@ad2.adfarm1.adition.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@secmedia[1].txt [ Cookie:gk@secmedia.de/ ]
C:\USERS\GK\Cookies\gk@www.zanox-affiliate[1].txt [ Cookie:gk@www.zanox-affiliate.de/ ]
C:\USERS\GK\Cookies\gk@smartadserver[2].txt [ Cookie:gk@smartadserver.com/ ]
C:\USERS\GK\Cookies\gk@zanox[1].txt [ Cookie:gk@zanox.com/ ]
C:\USERS\GK\Cookies\gk@zanox-affiliate[2].txt [ Cookie:gk@zanox-affiliate.de/ ]
C:\USERS\GK\Cookies\gk@www.active-tracking[1].txt [ Cookie:gk@www.active-tracking.de/ ]
C:\USERS\GK\Cookies\gk@webmasterplan[2].txt [ Cookie:gk@webmasterplan.com/ ]
C:\USERS\GK\Cookies\gk@adserv.kwick[2].txt [ Cookie:gk@adserv.kwick.de/ ]
C:\USERS\GK\Cookies\gk@tradedoubler[4].txt [ Cookie:gk@tradedoubler.com/ ]
C:\USERS\GK\Cookies\gk@atdmt[1].txt [ Cookie:gk@atdmt.com/ ]
C:\USERS\GK\Cookies\gk@sevenoneintermedia.112.2o7[1].txt [ Cookie:gk@sevenoneintermedia.112.2o7.net/ ]
C:\USERS\GK\Cookies\gk@doubleclick[1].txt [ Cookie:gk@doubleclick.net/ ]
C:\USERS\GK\Cookies\gk@traffictrack[1].txt [ Cookie:gk@traffictrack.de/ ]
C:\USERS\GK\Cookies\gk@tracking.quisma[2].txt [ Cookie:gk@tracking.quisma.com/ ]
C:\USERS\GK\Cookies\gk@ad.adnet[2].txt [ Cookie:gk@ad.adnet.de/ ]
C:\USERS\GK\Cookies\gk@adsonar[2].txt [ Cookie:gk@adsonar.com/adserving ]
C:\USERS\GK\Cookies\gk@revsci[2].txt [ Cookie:gk@revsci.net/ ]
C:\USERS\GK\Cookies\gk@questionmarket[2].txt [ Cookie:gk@questionmarket.com/ ]
C:\USERS\GK\Cookies\gk@googleads.g.doubleclick[1].txt [ Cookie:gk@googleads.g.doubleclick.net/ ]
C:\USERS\GK\Cookies\gk@bs.serving-sys[1].txt [ Cookie:gk@bs.serving-sys.com/ ]
C:\USERS\GK\Cookies\gk@advertising[2].txt [ Cookie:gk@advertising.com/ ]
C:\USERS\GK\Cookies\gk@adservercentral[2].txt [ Cookie:gk@adservercentral.info/ ]
C:\USERS\GK\Cookies\gk@weborama[1].txt [ Cookie:gk@weborama.fr/ ]
C:\USERS\GK\Cookies\gk@www.adservercentral[1].txt [ Cookie:gk@www.adservercentral.info/ ]
C:\USERS\GK\Cookies\gk@mediaplex[2].txt [ Cookie:gk@mediaplex.com/ ]
C:\USERS\GK\Cookies\gk@apmebf[1].txt [ Cookie:gk@apmebf.com/ ]
C:\USERS\GK\Cookies\gk@invitemedia[1].txt [ Cookie:gk@invitemedia.com/ ]
C:\USERS\GK\Cookies\gk@tracking.mindshare[1].txt [ Cookie:gk@tracking.mindshare.de/ ]
C:\USERS\GK\Cookies\gk@microsoftwllivemkt.112.2o7[1].txt [ Cookie:gk@microsoftwllivemkt.112.2o7.net/ ]
C:\USERS\GK\Cookies\gk@serving-sys[1].txt [ Cookie:gk@serving-sys.com/ ]
C:\USERS\GK\Cookies\gk@atdmt.combing[2].txt [ Cookie:gk@atdmt.combing.com/ ]
C:\USERS\GK\Cookies\gk@atwola[2].txt [ Cookie:gk@atwola.com/ ]
C:\USERS\GK\Cookies\gk@adfarm1.adition[1].txt [ Cookie:gk@adfarm1.adition.com/ ]
C:\USERS\GK\Cookies\gk@content.yieldmanager[5].txt [ Cookie:gk@content.yieldmanager.com/ak/ ]
C:\USERS\GK\Cookies\gk@ad2.adfarm1.adition[2].txt [ Cookie:gk@ad2.adfarm1.adition.com/ ]
C:\USERS\GK\Cookies\gk@zbox.zanox[2].txt [ Cookie:gk@zbox.zanox.com/ ]
C:\USERS\GK\Cookies\gk@ad.yieldmanager[1].txt [ Cookie:gk@ad.yieldmanager.com/ ]
C:\USERS\GK\Cookies\gk@tacoda[1].txt [ Cookie:gk@tacoda.net/ ]
C:\USERS\GK\Cookies\gk@ad.zanox[2].txt [ Cookie:gk@ad.zanox.com/ ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@WWW.TRAFFICTRACK[1].TXT [ /WWW.TRAFFICTRACK ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@WWW.GOOGLEADSERVICES[6].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@TRACK.EFFILIATION[3].TXT [ /TRACK.EFFILIATION ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@2.BFUGMEDIA[2].TXT [ /2.BFUGMEDIA ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@2O7[1].TXT [ /2O7 ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@AD.BOREUS[2].TXT [ /AD.BOREUS ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADFORM[1].TXT [ /ADFORM ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADS.WEBMASTERPROFITCENTER[2].TXT [ /ADS.WEBMASTERPROFITCENTER ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADTECH[1].TXT [ /ADTECH ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADVIVA[2].TXT [ /ADVIVA ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@DEUTSCHEPOSTAG.112.2O7[1].TXT [ /DEUTSCHEPOSTAG.112.2O7 ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@EYEWONDER[1].TXT [ /EYEWONDER ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@FASTCLICK[1].TXT [ /FASTCLICK ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@STUDIVZ.ADFARM1.ADITION[1].TXT [ /STUDIVZ.ADFARM1.ADITION ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@TRACKING.HANNOVERSCHE[2].TXT [ /TRACKING.HANNOVERSCHE ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@UNITYMEDIA[1].TXT [ /UNITYMEDIA ]

Und noch das eset-log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9f386078d47c7046b93e80d79bfb20a0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 09:31:07
# local_time=2011-10-24 11:31:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 259378 259378 0 0
# compatibility_mode=5892 16776573 100 100 449 157019320 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=149065
# found=0
# cleaned=0
# scan_time=5275
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9f386078d47c7046b93e80d79bfb20a0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-27 07:00:21
# local_time=2011-10-27 09:00:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 465757 465757 0 0
# compatibility_mode=5892 16776573 100 100 28346 157225699 0 0
# compatibility_mode=8192 67108863 100 0 206523 206523 0 0
# scanned=146196
# found=0
# cleaned=0
# scan_time=5850

Kannst Du mir bitte mal noch kurz schreiben, was nun eigentlich so richtig los war auf meinem Rechner ? Gibt's irgendwas besonderes zu beachten ?

Vielen Dank erstmal.

MfG Gerd

Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Also Probleme gibt's eigentlich keine weiter. Der Rechner ist wieder auffällig schneller. Aufgefallen ist mir nur: Wenn ich AntiVir starte, steht das Programm einige Sekunden lang. Also ich kann da nichts anklicken oder so. Weiß nicht, ob das wesentlich ist.

Interessieren würde mich nur noch, was nun eigentlich so auf meinem Rechner los war. Und was hatte es mit diesem Sinowal-Fund auf sich ? Kann ich einigermaßen sicher davon ausgehen, dass in dieser Hinsicht keine Gefahr mehr besteht ?

Welche der durchgeführten Scans sollte man denn routinemäßig ab und zu durchführen ?

Auf jeden Fall hast Du mir sehr geholfen ! Vielen Dank dafür !

MfG Gerd

Zitat:

Wenn ich AntiVir starte, steht das Programm einige Sekunden lang. Also ich kann da nichts anklicken oder so. Weiß nicht, ob das wesentlich ist.

Überleg dir gut, ob du in Zukunft weiterhin bei AntiVir bleiben willst. Die haben eine sehr fragwürdige Entscheidung getroffen, was nicht gerade seriös wirkt => http://www.trojaner-board.de/100374-...e-und-ask.html

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Ok, hab das mal soweit alles befolgt.
Hoffentlich bleib ich jetzt mal ne Weile verschont.
Auf jeden Fall nochmal vielen Dank. Wenn ich mich irgendwann mal wieder traue, Online-banking zu machen :crazy: ist euch eine Spende sicher.

Bis demnächst mal.
MfG Gerd

Zitat:

ist euch eine Spende sicher.

:dankeschoen: :daumenhoc