Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Delayed Write Failed (All icons gone, black background...) (https://www.trojaner-board.de/107195-delayed-write-failed-alle-icons-weg-schwarzer-hintergrund.html)

Klaros 29.12.2011 16:51

Delayed Write Failed (All icons gone, black background...)

Hello everyone.

I had a problem with my laptop this morning. At some point it switched itself off, came back on, and then all the icons were gone and the background was black. Task Manager could not be opened. Then countless messages appeared that said:

"Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\00004509. The file is corrupted or unreadable. This may be caused by a PC hardware problem." I think the number after System32 was different each time.

There was also a program on my PC called "System Check" that I don't know at all. I don't know whether it has anything to do with this...

Then my brother did something to my laptop, and since then the message above no longer appears. I don't know whether it is completely gone now, which is why I am looking for help here in the forum.

I have followed everything in the help topic "Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" and am uploading it as a zip file.

Regards, Klaros

cosinus 29.12.2011 18:03

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! All detections must also be removed.

If there are logs from older Malwarebytes scans, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Klaros 29.12.2011 21:39

Here is the log of the latest Malwarebytes scan:

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DENNIS :: PC-DENNIS [Administrator]

29.12.2011 18:22:05
mbam-log-2011-12-29 (18-22-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 256244
Laufzeit: 1 Stunde(n), 22 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\DENNIS\AppData\Local\Temp\HF5IVxjKqYyR6k.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DENNIS\AppData\Local\Temp\oiu0.14701763259318823.exe (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DENNIS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\58d00b10-466ec4d8 (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DENNIS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\58d00b10-71cf76cb (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Here is the log of an older Malwarebytes scan:

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DENNIS :: PC-DENNIS [Administrator]

29.12.2011 14:29:42
mbam-log-2011-12-29 (14-29-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 70945
Laufzeit: 27 Minute(n), 58 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 2
C:\ProgramData\FOUQNDYWIOKrHwX.exe (Rogue.FakeHDD) -> 3124 -> Löschen bei Neustart.
C:\ProgramData\0MP7XeLHIlm86s.exe (Trojan.FakeAlert) -> 4084 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FOUQNDYWIOKrHwX.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\FOUQNDYWIOKrHwX.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\FOUQNDYWIOKrHwX.exe (Rogue.FakeHDD) -> Löschen bei Neustart.
C:\ProgramData\0MP7XeLHIlm86s.exe (Trojan.FakeAlert) -> Löschen bei Neustart.

(Ende)

And here is the ESET log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bf339248de25f14b8f8e70dc4c593b5f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-29 08:25:18
# local_time=2011-12-29 09:25:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5814344 5814344 0 0
# compatibility_mode=5893 16776573 100 94 4068 76816432 0 0
# compatibility_mode=8192 67108863 100 0 3739 3739 0 0
# scanned=107077
# found=2
# cleaned=0
# scan_time=5077
C:\Users\DENNIS\AppData\Local\Temp\EEF.tmp        a variant of Win32/Kryptik.YDU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\DENNIS\AppData\Local\Temp\unregmp2.exe        a variant of Win32/Kryptik.YDU trojan (unable to clean)        00000000000000000000000000000000        I

Regards, Klaros
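
As an added illustration that is not part of the original thread, the following Python script parses Malwarebytes 1.x logs in the German-locale format posted above and summarises what a helper looks at first: the detected families, autostart persistence under a Run key, and detections that an aborted scan left as "Löschen bei Neustart" (delete on reboot). The sample log embedded in the script is a shortened, constructed copy of the second log above; the function and field names are my own.

```python
"""Parse Malwarebytes Anti-Malware 1.x logs (German locale, as posted in this
thread) into structured findings and summarise what a helper looks at."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a shortened copy of the second (aborted) log posted above.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.24.05

Art des Suchlaufs: Vollständiger Suchlauf
Durchsuchte Objekte: 70945
Laufzeit: 27 Minute(n), 58 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 2
C:\ProgramData\FOUQNDYWIOKrHwX.exe (Rogue.FakeHDD) -> 3124 -> Löschen bei Neustart.
C:\ProgramData\0MP7XeLHIlm86s.exe (Trojan.FakeAlert) -> 4084 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FOUQNDYWIOKrHwX.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\FOUQNDYWIOKrHwX.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\ProgramData\FOUQNDYWIOKrHwX.exe (Rogue.FakeHDD) -> Löschen bei Neustart.
C:\ProgramData\0MP7XeLHIlm86s.exe (Trojan.FakeAlert) -> Löschen bei Neustart.

(Ende)
"""

# "Infizierte <Kategorie>: <Anzahl>" opens a section; detection lines follow.
SECTION_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# "<target> (<detection name>) -> <detail> -> ... -> <action>"
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
# Registry values under ...\CurrentVersion\Run are autostart persistence.
RUNKEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\|", re.IGNORECASE)
PENDING_REBOOT = "Löschen bei Neustart"   # "delete on reboot": not yet removed


@dataclass(frozen=True)
class Finding:
    section: str     # log section, e.g. "Infizierte Dateien"
    target: str      # file path, or "HIVE\key|value" for registry entries
    detection: str   # family as reported, e.g. "Rogue.FakeHDD"
    action: str      # last "->" segment: what Malwarebytes did or deferred
    details: tuple   # intermediate "->" segments (PID, "Daten: <path>", ...)


def parse_mbam_log(text):
    """Return scan metadata plus one Finding per detection line."""
    result = {"aborted": False, "counts": {}, "findings": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(Ende)" or line.startswith("(Keine"):
            continue
        if line.startswith("Laufzeit:"):
            result["aborted"] = "[Abgebrochen]" in line
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            result["counts"][section] = int(m.group(2))
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            parts = [p.strip() for p in m.group("rest").split(" -> ")]
            result["findings"].append(Finding(section, m.group("target"),
                                              m.group("detection"),
                                              parts[-1], tuple(parts[:-1])))
    return result


def assess(parsed):
    """Pull out what matters for triage: families, persistence, unfinished work."""
    findings = parsed["findings"]
    seen = Counter(f.section for f in findings)
    summary = {
        "families": sorted({f.detection for f in findings}),
        "autostart": [f.target for f in findings if RUNKEY_RE.search(f.target)],
        "pending_reboot": [f.target for f in findings
                           if f.action.startswith(PENDING_REBOOT)],
        # Declared section count vs. lines actually parsed: a mismatch means a
        # truncated paste or a line the parser did not understand.
        "count_mismatch": {s: (n, seen.get(s, 0))
                           for s, n in parsed["counts"].items()
                           if seen.get(s, 0) != n},
        "notes": [],
    }
    if parsed["aborted"]:
        summary["notes"].append("scan was aborted: coverage incomplete, rerun a full scan")
    if summary["pending_reboot"]:
        summary["notes"].append("items deferred to reboot: confirm removal with a fresh scan")
    return summary


if __name__ == "__main__":
    report = assess(parse_mbam_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the thread's own logs this flags the Run-key entry as persistence and the four "Löschen bei Neustart" items as unfinished, which is why the later full scan (which then found only the Temp and Java cache remnants) was the one that mattered.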

cosinus 30.12.2011 00:02

Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Klaros 30.12.2011 00:46

Here is the OTL log:

OTL Logfile:
Code:

OTL logfile created on: 30.12.2011 00:26:06 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\DENNIS\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,22 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 71,19% Memory free
6,43 Gb Paging File | 5,27 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 113,91 Gb Free Space | 75,61% Space Free | Partition Type: NTFS
Drive E: | 145,97 Gb Total Space | 126,45 Gb Free Space | 86,63% Space Free | Partition Type: NTFS
 
Computer Name: PC-DENNIS | User Name: DENNIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.29 15:49:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DENNIS\Downloads\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.09 00:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010.05.07 15:40:06 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.05.07 15:38:14 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 17:19:41 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 17:19:16 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 17:19:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 17:19:02 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 17:18:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.25 12:43:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.09 00:05:28 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010.05.24 12:14:54 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 15:38:14 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.05.07 15:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.08 13:45:04 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.04.03 11:03:59 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.13 23:05:48 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.13 23:05:47 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.09.21 16:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.04.29 14:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008.07.15 18:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.08.07 05:26:14 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005.11.14 12:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mythos-europe.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 9C C7 16 0A 81 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..network.proxy.http: "141.24.249.130"
FF - prefs.js..network.proxy.http_port: 3127
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\DENNIS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: C:\Program Files\WordPerfect Lightning\Programs\FirefoxExtension\ [2011.05.01 14:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 06:18:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.31 18:23:14 | 000,000,000 | ---D | M]
 
[2010.11.10 20:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Extensions
[2011.12.29 13:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\63p84wyt.default\extensions
[2011.12.22 08:51:28 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\63p84wyt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.07.24 12:00:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\63p84wyt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.25 13:09:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\63p84wyt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.29 13:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\63p84wyt.default\extensions\staged
[2011.03.02 23:26:52 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\63p84wyt.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011.07.24 12:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\c0pulky3.default\extensions
[2010.11.10 20:00:13 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\c0pulky3.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.07.24 12:00:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\c0pulky3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.10 20:00:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DENNIS\AppData\Roaming\mozilla\Firefox\Profiles\c0pulky3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.11.10 06:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\63P84WYT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\63P84WYT.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2011.11.10 06:18:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.01 09:34:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.30 05:28:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 05:28:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.30 05:28:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 05:28:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 05:28:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 05:28:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DENNIS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F0C03F3-9730-4CF8-9A18-2484635BB7C3}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{252bb26d-337d-11e0-8490-00238b5e4811}\Shell - "" = AutoRun
O33 - MountPoints2\{252bb26d-337d-11e0-8490-00238b5e4811}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Camera Assistant Software - hkey= - key= - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.29 19:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.29 19:56:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\DENNIS\Desktop\esetsmartinstaller_enu.exe
[2011.12.29 16:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.12.29 16:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.12.29 15:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.12.29 14:28:48 | 000,000,000 | ---D | C] -- C:\Users\DENNIS\AppData\Roaming\Malwarebytes
[2011.12.29 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.29 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.29 14:28:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.29 14:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.29 12:54:52 | 000,000,000 | ---D | C] -- C:\Users\DENNIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011.12.22 09:58:12 | 000,000,000 | ---D | C] -- C:\Users\DENNIS\Desktop\Neuer Ordner (3)
[2011.12.14 18:03:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.03 20:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.12.03 20:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.30 00:23:37 | 000,013,237 | ---- | M] () -- C:\Users\DENNIS\Desktop\OTL.lnk
[2011.12.30 00:23:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.29 19:57:53 | 000,013,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 19:57:53 | 000,013,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 19:56:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\DENNIS\Desktop\esetsmartinstaller_enu.exe
[2011.12.29 19:50:36 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.29 19:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 19:50:19 | 2590,789,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.29 16:37:40 | 000,021,669 | ---- | M] () -- C:\Users\DENNIS\Desktop\Ordner.zip
[2011.12.29 15:47:42 | 000,000,000 | ---- | M] () -- C:\Users\DENNIS\defogger_reenable
[2011.12.29 14:28:42 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.29 13:44:28 | 000,000,312 | ---- | M] () -- C:\ProgramData\~0MP7XeLHIlm86s
[2011.12.29 13:44:28 | 000,000,224 | ---- | M] () -- C:\ProgramData\~0MP7XeLHIlm86sr
[2011.12.29 12:55:21 | 000,000,432 | ---- | M] () -- C:\ProgramData\0MP7XeLHIlm86s
[2011.12.29 12:54:52 | 000,000,658 | ---- | M] () -- C:\Users\DENNIS\Desktop\System Check.lnk
[2011.12.28 23:15:11 | 012,520,004 | ---- | M] () -- C:\Users\DENNIS\Desktop\Tyga - Make It Nasty (Official Video).mp4
[2011.12.14 22:15:18 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.14 22:15:18 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.14 22:15:18 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.14 22:15:18 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.14 20:04:27 | 000,427,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.08 13:45:04 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.03 23:25:17 | 022,161,674 | ---- | M] () -- C:\Users\DENNIS\Desktop\34449681_mp4_h264_aac_hq.mp4
[2011.12.03 20:32:56 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.12.03 10:55:34 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.30 00:23:37 | 000,013,237 | ---- | C] () -- C:\Users\DENNIS\Desktop\OTL.lnk
[2011.12.29 16:37:40 | 000,021,669 | ---- | C] () -- C:\Users\DENNIS\Desktop\Ordner.zip
[2011.12.29 15:47:42 | 000,000,000 | ---- | C] () -- C:\Users\DENNIS\defogger_reenable
[2011.12.29 14:28:42 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.29 13:51:24 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.12.29 13:51:24 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011.12.29 13:51:24 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.29 13:51:24 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.12.29 13:51:20 | 000,001,684 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.12.29 13:51:20 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011.12.29 13:51:20 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.12.29 13:51:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.29 13:51:19 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.12.29 13:51:19 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.12.29 13:51:19 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
[2011.12.29 13:51:19 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.12.29 13:51:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.12.29 13:51:19 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.12.29 13:51:19 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011.12.29 13:44:28 | 000,000,224 | ---- | C] () -- C:\ProgramData\~0MP7XeLHIlm86sr
[2011.12.29 13:44:27 | 000,000,312 | ---- | C] () -- C:\ProgramData\~0MP7XeLHIlm86s
[2011.12.29 12:54:52 | 000,000,658 | ---- | C] () -- C:\Users\DENNIS\Desktop\System Check.lnk
[2011.12.29 12:54:47 | 000,000,432 | ---- | C] () -- C:\ProgramData\0MP7XeLHIlm86s
[2011.12.28 23:14:29 | 012,520,004 | ---- | C] () -- C:\Users\DENNIS\Desktop\Tyga - Make It Nasty (Official Video).mp4
[2011.12.03 23:22:10 | 022,161,674 | ---- | C] () -- C:\Users\DENNIS\Desktop\34449681_mp4_h264_aac_hq.mp4
[2011.06.03 09:21:44 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.05.01 14:47:41 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.05.01 14:47:41 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\FA6B8C82D3.sys
[2011.03.12 15:45:47 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.11 11:53:37 | 000,012,369 | ---- | C] () -- C:\Windows\German.ini
[2010.11.22 19:40:40 | 000,007,598 | ---- | C] () -- C:\Users\DENNIS\AppData\Local\Resmon.ResmonCfg
[2010.11.04 17:22:13 | 000,000,094 | ---- | C] () -- C:\Users\DENNIS\AppData\Local\fusioncache.dat
[2010.10.21 22:37:00 | 000,019,456 | ---- | C] () -- C:\Users\DENNIS\AppData\Local\WebpageIcons.db
[2010.10.10 16:20:55 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.10 16:20:45 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.10.04 20:54:32 | 000,138,056 | ---- | C] () -- C:\Users\DENNIS\AppData\Roaming\PnkBstrK.sys
[2010.05.24 10:31:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,427,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 16:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 19:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
 
========== LOP Check ==========
 
[2011.05.06 13:24:31 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\.minecraft
[2011.12.03 22:25:22 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\DVDVideoSoft
[2011.03.02 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.26 16:51:31 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Frogwares
[2011.05.01 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\GetRightToGo
[2011.10.19 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\HTC
[2011.05.22 10:26:11 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.10.02 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\IrfanView
[2011.11.14 17:07:44 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\LolClient
[2011.07.16 22:25:10 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\runic games
[2011.07.23 11:13:26 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\TIPP10
[2011.07.24 22:50:08 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\TS3Client
[2010.05.24 12:14:40 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\TuneUp Software
[2010.11.04 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Turbine
[2011.06.01 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Unity
[2010.09.29 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\WinBatch
[2011.01.27 15:26:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.06 13:24:31 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\.minecraft
[2011.05.22 10:23:28 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Adobe
[2011.04.03 11:06:09 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\ATI
[2011.10.23 12:55:40 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Avira
[2011.05.01 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Corel
[2010.12.03 22:08:01 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\DivX
[2010.07.29 16:37:48 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\dvdcss
[2011.12.03 22:25:22 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\DVDVideoSoft
[2011.03.02 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.26 16:51:31 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Frogwares
[2011.05.01 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\GetRightToGo
[2011.10.19 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\HTC
[2011.05.22 10:26:11 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.05.24 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Identities
[2010.09.29 12:54:53 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\InstallShield
[2010.10.02 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\IrfanView
[2011.11.14 17:07:44 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\LolClient
[2010.05.24 11:19:31 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Macromedia
[2011.12.29 14:28:48 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Media Center Programs
[2011.10.19 17:42:25 | 000,000,000 | --SD | M] -- C:\Users\DENNIS\AppData\Roaming\Microsoft
[2010.11.10 20:06:28 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Mozilla
[2011.07.16 22:25:10 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\runic games
[2011.12.28 22:51:12 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Skype
[2011.06.17 21:39:40 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\skypePM
[2010.05.30 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\teamspeak2
[2011.07.23 11:13:26 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\TIPP10
[2011.07.24 22:50:08 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\TS3Client
[2010.05.24 12:14:40 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\TuneUp Software
[2010.11.04 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Turbine
[2011.06.01 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Unity
[2011.09.10 08:08:17 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\vlc
[2011.08.28 06:49:16 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\Winamp
[2010.09.29 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\WinBatch
[2010.05.24 14:45:56 | 000,000,000 | ---D | M] -- C:\Users\DENNIS\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.22 12:59:17 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\DENNIS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.07.16 20:31:35 | 000,065,024 | R--- | M] () -- C:\Users\DENNIS\AppData\Roaming\Microsoft\Installer\{4F64A46D-67F7-4497-AEA2-313D4305A5F6}\Icon4F64A46D.exe
[2011.07.16 20:31:35 | 000,035,328 | R--- | M] () -- C:\Users\DENNIS\AppData\Roaming\Microsoft\Installer\{4F64A46D-67F7-4497-AEA2-313D4305A5F6}\Icon4F64A46D1.exe
[2011.05.01 14:47:13 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\DENNIS\AppData\Roaming\Microsoft\Installer\{F6EE49FD-B736-4888-A05A-115F3B1160FA}\ARPPRODUCTICON.exe
[2011.06.25 16:39:54 | 000,188,152 | ---- | M] () -- C:\Users\DENNIS\AppData\Roaming\Mozilla\Firefox\Profiles\63p84wyt.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

< End of report >

Regards, Klaros
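
The `< MD5 for: ... >` sections of the report above are the interesting part of a log like this: for each critical system binary, OTL lists the live copy under C:\Windows\System32 next to the copies Windows keeps in WinSxS and the DriverStore. A live file whose hash matches none of the stored copies, or that has lost its vendor string, is the usual sign of a patched or replaced binary. The following Python script is an added example, not part of the thread and not OTL's own code, that parses that section format and makes the comparison automatically. Its sample input is constructed: the WINLOGON.EXE lines are copied from the report, while the USERINIT.EXE live hash and the LOCATIONAPI.DLL section are assumed values made up to show a mismatch and a locked file.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in OTL's "MD5 for" format. WINLOGON.EXE is copied from the
# report above; the USERINIT.EXE live hash (all zeros) and the LOCATIONAPI.DLL
# section are ASSUMED, made up here to exercise the mismatch and locked-file paths.
SAMPLE_REPORT = r"""
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: USERINIT.EXE  >
[2011.12.29 12:54:50 | 000,026,624 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: LOCATIONAPI.DLL  >
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
"""

SECTION_RE = re.compile(r"^< MD5 for: (\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<kind>\w)\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) "
    r"-- (?P<path>.+)$"
)
LIVE_PREFIX = "c:\\windows\\system32\\"
BACKUP_MARKERS = ("\\winsxs\\", "\\driverstore\\filerepository\\")


@dataclass
class Entry:
    path: str
    md5: Optional[str]   # None when OTL printed "Unable to obtain MD5"
    company: str
    size: int


def parse_md5_sections(report: str) -> dict:
    """Return {FILENAME: [Entry, ...]} for every '< MD5 for: ... >' section."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append(Entry(
                path=m["path"],
                md5=m["md5"].upper() if m["md5"] else None,
                company=m["company"],
                size=int(m["size"].replace(",", "")),
            ))
    return sections


def is_backup(path: str) -> bool:
    """True for copies the component store keeps (WinSxS / DriverStore)."""
    return any(marker in path.lower() for marker in BACKUP_MARKERS)


def assess(entries) -> str:
    """Classify one file: ok / MISMATCH / unverifiable / missing."""
    live = [e for e in entries
            if e.path.lower().startswith(LIVE_PREFIX) and not is_backup(e.path)]
    stored = {e.md5 for e in entries if is_backup(e.path) and e.md5}
    if not live:
        return "missing"            # no copy under System32 listed at all
    e = live[0]
    if e.md5 is None:
        return "unverifiable"       # locked file: hash it from an offline boot instead
    if e.md5 not in stored or not e.company:
        return "MISMATCH"           # hash unknown to the component store, or vendor string gone
    return "ok"


def assess_report(report: str) -> dict:
    """Map every file name in the report to its verdict."""
    return {name: assess(entries)
            for name, entries in parse_md5_sections(report).items()}


if __name__ == "__main__":
    for name, verdict in assess_report(SAMPLE_REPORT).items():
        print(f"{name:18} {verdict}")
```

Against a real log, pass the whole OTL.txt to assess_report. A MISMATCH is a lead, not a conviction: confirm it with `sfc /verifyonly` or by checking the Authenticode signature of the live file, and hash locked files (the "unverifiable" case) from an offline boot. Copies outside the Windows directory, such as the Malwarebytes Chameleon winlogon.exe in the report, are deliberately ignored because they are not the binary Windows loads.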

cosinus 30.12.2011 01:08

Do an OTL fix: close any open programs, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..network.proxy.http: "141.24.249.130"
FF - prefs.js..network.proxy.http_port: 3127
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{252bb26d-337d-11e0-8490-00238b5e4811}\Shell - "" = AutoRun
O33 - MountPoints2\{252bb26d-337d-11e0-8490-00238b5e4811}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.12.29 12:54:52 | 000,000,658 | ---- | M] () -- C:\Users\DENNIS\Desktop\System Check.lnk
C:\ProgramData\0*
C:\ProgramData\~*
:Files
C:\Windows\system32\consrv.dll
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Klaros 30.12.2011 10:57

Hi, I pasted the text, started the fix and then the PC restarted. Here is the OTL log:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{252bb26d-337d-11e0-8490-00238b5e4811}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{252bb26d-337d-11e0-8490-00238b5e4811}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{252bb26d-337d-11e0-8490-00238b5e4811}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{252bb26d-337d-11e0-8490-00238b5e4811}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\DENNIS\Desktop\System Check.lnk moved successfully.
========== FILES ==========
File\Folder C:\Windows\system32\consrv.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DENNIS
->Temp folder emptied: 1939699 bytes
->Temporary Internet Files folder emptied: 2626647 bytes
->Java cache emptied: 630954 bytes
->FireFox cache emptied: 157889921 bytes
->Flash cache emptied: 59679 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1966129 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 158,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12302011_104725

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards, Klaros

cosinus 30.12.2011 18:41

I made a small mistake. :stirn:
Please repeat the OTL fix, but use this text instead:

Code:

:Files
C:\ProgramData\0*
C:\ProgramData\~*
C:\Windows\system32\consrv.dll
:Commands
[emptytemp]
[resethosts]


Klaros 30.12.2011 19:20

Does the mistake you made have any negative effects on my system?

Here is the OTL log:
Code:

All processes killed
========== FILES ==========
C:\ProgramData\0MP7XeLHIlm86s moved successfully.
C:\ProgramData\~0MP7XeLHIlm86s moved successfully.
C:\ProgramData\~0MP7XeLHIlm86sr moved successfully.
File\Folder C:\Windows\system32\consrv.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DENNIS
->Temp folder emptied: 4440 bytes
->Temporary Internet Files folder emptied: 4569850 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 192448666 bytes
->Flash cache emptied: 1315 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3300 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 188,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12302011_191214

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards, Klaros

cosinus 30.12.2011 19:43

No, it's just that not all elements were deleted as intended. Nothing negative.
But now they're gone :D

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Files, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
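
Reading a full TDSS-Killer report by eye is tedious, because every clean driver produces two lines and only the flagged objects matter. The Python below is an added example, not part of this thread and not Kaspersky's code. It parses TDSSKiller log lines of the format posted later in this thread (timestamp, process id, then the object's file line with hash and path, followed by "- ok" or a verdict line), pairs each flagged object with its hash and path, and separates the UnsignedFile.* verdicts produced by the SigCheck mode from any other detection, which is the distinction behind the advice above to "skip" flagged objects and post the log first. The sample log is constructed from lines of the TDSS-Killer log posted in this thread.

```python
import re

# Every TDSSKiller line starts with "HH:MM:SS.mmmm <pid>"; the body follows (may be empty).
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<body>.*)$")
MODE_RE   = re.compile(r"^Mode:\s*(?P<modes>.+)$")
# "<object>  (<md5>) <path>"            the file behind a driver or service
FILE_RE   = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<object> - ok"                        clean baseline
OK_RE     = re.compile(r"^(?P<name>\S+) - ok$")
# "<object> ( <verdict> ) - <level>"     e.g. "( UnsignedFile.Multi.Generic ) - warning"
LEVEL_RE  = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<level>\w+)$")
# "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


def parse_tdsskiller(text):
    """Return the scan modes, the number of clean objects and a list of flagged objects."""
    files, levels, findings, modes, clean = {}, {}, [], [], 0
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m or not m.group("body"):
            continue
        body = m.group("body").strip()
        if mm := MODE_RE.match(body):
            modes = [s.strip() for s in mm.group("modes").split(";") if s.strip()]
        elif mm := FILE_RE.match(body):
            files[mm.group("name")] = {"md5": mm.group("md5").lower(),
                                       "path": mm.group("path").strip()}
        elif OK_RE.match(body):
            clean += 1
        elif mm := LEVEL_RE.match(body):
            levels[mm.group("name")] = mm.group("level")
        elif mm := DETECT_RE.match(body):
            name = mm.group("name")
            # An object may be flagged without a preceding file line; keep hash/path as None then.
            info = files.get(name, {"md5": None, "path": None})
            findings.append({"name": name, "verdict": mm.group("verdict"),
                             "level": levels.get(name, "unknown"),
                             "count": int(mm.group("count")),
                             "md5": info["md5"], "path": info["path"]})
    return {"modes": modes, "clean": clean, "findings": findings}


def split_signature_warnings(findings):
    """Separate SigCheck-mode UnsignedFile.* verdicts (a missing or invalid digital
    signature, not a confirmed infection) from every other verdict."""
    sig = [f for f in findings if f["verdict"].startswith("UnsignedFile.")]
    other = [f for f in findings if not f["verdict"].startswith("UnsignedFile.")]
    return sig, other


# Constructed sample, assembled from lines of the TDSS-Killer log posted in this thread.
SAMPLE_LOG = r"""
22:48:53.0217 2108        Scan started
22:48:53.0217 2108        Mode: Manual; SigCheck; TDLFS;
22:48:53.0217 2108        ============================================================
22:48:53.0763 2108        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:48:53.0919 2108        1394ohci - ok
22:48:56.0399 2108        AODDriver4.0 - ok
22:49:05.0759 2108        HSF_DPV        (ee4b433cf5b77ca55d2b7f6111c23c8b) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:49:05.0853 2108        HSF_DPV ( UnsignedFile.Multi.Generic ) - warning
22:49:05.0853 2108        HSF_DPV - detected UnsignedFile.Multi.Generic (1)
22:49:09.0675 2108        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:49:09.0722 2108        mdmxsdk ( UnsignedFile.Multi.Generic ) - warning
22:49:09.0722 2108        mdmxsdk - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    sig, other = split_signature_warnings(report["findings"])
    print("modes:", report["modes"], "| clean objects:", report["clean"])
    for f in sig:
        print(f"signature warning: {f['name']} {f['verdict']} {f['path']}")
    for f in other:
        print(f"DETECTION: {f['name']} {f['verdict']} ({f['level']}) {f['path']}")
```

With the "SigCheck" mode enabled, as in the log in this thread, every third-party driver without a valid signature shows up as an UnsignedFile.* warning; the split keeps those apart from verdicts that name actual malware, so the hash and path of each warned driver can be checked before anything is acted on.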

Klaros 30.12.2011 22:57

Phew, I'm relieved that nothing negative happened! :'D

Alright, here is the TDSS Killer log:
Code:

22:48:31.0673 2928        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:48:32.0547 2928        ============================================================
22:48:32.0547 2928        Current date / time: 2011/12/30 22:48:32.0547
22:48:32.0547 2928        SystemInfo:
22:48:32.0547 2928       
22:48:32.0547 2928        OS Version: 6.1.7601 ServicePack: 1.0
22:48:32.0547 2928        Product type: Workstation
22:48:32.0547 2928        ComputerName: PC-DENNIS
22:48:32.0547 2928        UserName: DENNIS
22:48:32.0547 2928        Windows directory: C:\Windows
22:48:32.0547 2928        System windows directory: C:\Windows
22:48:32.0547 2928        Processor architecture: Intel x86
22:48:32.0547 2928        Number of processors: 2
22:48:32.0547 2928        Page size: 0x1000
22:48:32.0547 2928        Boot type: Normal boot
22:48:32.0547 2928        ============================================================
22:48:33.0639 2928        Initialize success
22:48:53.0217 2108        ============================================================
22:48:53.0217 2108        Scan started
22:48:53.0217 2108        Mode: Manual; SigCheck; TDLFS;
22:48:53.0217 2108        ============================================================
22:48:53.0763 2108        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:48:53.0919 2108        1394ohci - ok
22:48:53.0981 2108        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:48:54.0028 2108        ACPI - ok
22:48:54.0137 2108        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:48:54.0231 2108        AcpiPmi - ok
22:48:54.0402 2108        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:48:54.0465 2108        adp94xx - ok
22:48:54.0496 2108        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:48:54.0527 2108        adpahci - ok
22:48:54.0543 2108        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:48:54.0574 2108        adpu320 - ok
22:48:54.0683 2108        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:48:54.0761 2108        AFD - ok
22:48:54.0808 2108        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:48:54.0824 2108        agp440 - ok
22:48:54.0933 2108        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:48:54.0995 2108        aic78xx - ok
22:48:55.0058 2108        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:48:55.0104 2108        aliide - ok
22:48:55.0260 2108        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:48:55.0307 2108        amdagp - ok
22:48:55.0354 2108        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:48:55.0385 2108        amdide - ok
22:48:55.0494 2108        amdiox86        (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
22:48:55.0604 2108        amdiox86 - ok
22:48:55.0650 2108        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:48:55.0760 2108        AmdK8 - ok
22:48:55.0884 2108        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:48:55.0994 2108        AmdPPM - ok
22:48:56.0087 2108        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:48:56.0118 2108        amdsata - ok
22:48:56.0165 2108        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:48:56.0212 2108        amdsbs - ok
22:48:56.0243 2108        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:48:56.0259 2108        amdxata - ok
22:48:56.0399 2108        AODDriver4.0 - ok
22:48:56.0508 2108        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:48:56.0618 2108        AppID - ok
22:48:56.0680 2108        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:48:56.0711 2108        arc - ok
22:48:56.0789 2108        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:48:56.0867 2108        arcsas - ok
22:48:57.0008 2108        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:48:57.0132 2108        AsyncMac - ok
22:48:57.0179 2108        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:48:57.0195 2108        atapi - ok
22:48:57.0351 2108        athr            (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys
22:48:57.0444 2108        athr - ok
22:48:57.0585 2108        AtiHDAudioService (95b1e9804ca10d096c0383f7c6684950) C:\Windows\system32\drivers\AtihdW73.sys
22:48:57.0647 2108        AtiHDAudioService - ok
22:48:57.0834 2108        atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
22:48:58.0100 2108        atikmdag - ok
22:48:58.0256 2108        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
22:48:58.0318 2108        atksgt - ok
22:48:58.0458 2108        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:48:58.0505 2108        avgntflt - ok
22:48:58.0552 2108        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
22:48:58.0599 2108        avipbb - ok
22:48:58.0708 2108        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:48:58.0755 2108        avkmgr - ok
22:48:58.0833 2108        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:48:58.0911 2108        b06bdrv - ok
22:48:59.0004 2108        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:48:59.0051 2108        b57nd60x - ok
22:48:59.0114 2108        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:48:59.0160 2108        Beep - ok
22:48:59.0270 2108        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:48:59.0348 2108        blbdrive - ok
22:48:59.0379 2108        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:48:59.0457 2108        bowser - ok
22:48:59.0566 2108        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:48:59.0675 2108        BrFiltLo - ok
22:48:59.0753 2108        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:48:59.0831 2108        BrFiltUp - ok
22:48:59.0894 2108        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:48:59.0940 2108        Brserid - ok
22:49:00.0034 2108        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:49:00.0096 2108        BrSerWdm - ok
22:49:00.0128 2108        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:49:00.0174 2108        BrUsbMdm - ok
22:49:00.0190 2108        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:49:00.0237 2108        BrUsbSer - ok
22:49:00.0346 2108        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:49:00.0424 2108        BTHMODEM - ok
22:49:00.0486 2108        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:49:00.0549 2108        cdfs - ok
22:49:00.0674 2108        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
22:49:00.0752 2108        cdrom - ok
22:49:00.0861 2108        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:49:00.0923 2108        circlass - ok
22:49:00.0986 2108        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:49:01.0017 2108        CLFS - ok
22:49:01.0157 2108        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:49:01.0204 2108        CmBatt - ok
22:49:01.0235 2108        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:49:01.0266 2108        cmdide - ok
22:49:01.0282 2108        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
22:49:01.0329 2108        CNG - ok
22:49:01.0438 2108        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:49:01.0485 2108        Compbatt - ok
22:49:01.0532 2108        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:49:01.0625 2108        CompositeBus - ok
22:49:01.0734 2108        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:49:01.0781 2108        crcdisk - ok
22:49:01.0859 2108        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:49:01.0922 2108        DfsC - ok
22:49:02.0015 2108        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:49:02.0109 2108        discache - ok
22:49:02.0140 2108        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:49:02.0171 2108        Disk - ok
22:49:02.0280 2108        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:49:02.0343 2108        drmkaud - ok
22:49:02.0421 2108        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:49:02.0499 2108        DXGKrnl - ok
22:49:02.0717 2108        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:49:02.0842 2108        ebdrv - ok
22:49:02.0982 2108        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:49:03.0045 2108        elxstor - ok
22:49:03.0092 2108        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:49:03.0154 2108        ErrDev - ok
22:49:03.0279 2108        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:49:03.0435 2108        exfat - ok
22:49:03.0450 2108        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:49:03.0497 2108        fastfat - ok
22:49:03.0544 2108        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:49:03.0575 2108        fdc - ok
22:49:03.0700 2108        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:49:03.0762 2108        FileInfo - ok
22:49:03.0794 2108        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:49:03.0872 2108        Filetrace - ok
22:49:03.0903 2108        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:49:03.0950 2108        flpydisk - ok
22:49:04.0059 2108        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:49:04.0106 2108        FltMgr - ok
22:49:04.0137 2108        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:49:04.0168 2108        FsDepends - ok
22:49:04.0184 2108        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:49:04.0215 2108        Fs_Rec - ok
22:49:04.0262 2108        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:49:04.0277 2108        fvevol - ok
22:49:04.0386 2108        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:49:04.0433 2108        gagp30kx - ok
22:49:04.0574 2108        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:49:04.0636 2108        hcw85cir - ok
22:49:04.0776 2108        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:49:04.0854 2108        HdAudAddService - ok
22:49:04.0886 2108        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:49:04.0964 2108        HDAudBus - ok
22:49:05.0057 2108        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:49:05.0135 2108        HidBatt - ok
22:49:05.0151 2108        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:49:05.0198 2108        HidBth - ok
22:49:05.0307 2108        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:49:05.0385 2108        HidIr - ok
22:49:05.0447 2108        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:49:05.0494 2108        HidUsb - ok
22:49:05.0588 2108        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:49:05.0666 2108        HpSAMD - ok
22:49:05.0759 2108        HSF_DPV        (ee4b433cf5b77ca55d2b7f6111c23c8b) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:49:05.0853 2108        HSF_DPV ( UnsignedFile.Multi.Generic ) - warning
22:49:05.0853 2108        HSF_DPV - detected UnsignedFile.Multi.Generic (1)
22:49:05.0962 2108        HSXHWAZL        (155c5a5e499ef780286b0731b5b72dbf) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:49:06.0024 2108        HSXHWAZL ( UnsignedFile.Multi.Generic ) - warning
22:49:06.0024 2108        HSXHWAZL - detected UnsignedFile.Multi.Generic (1)
22:49:06.0071 2108        HTCAND32        (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys
22:49:06.0134 2108        HTCAND32 - ok
22:49:06.0243 2108        htcnprot        (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys
22:49:06.0336 2108        htcnprot - ok
22:49:06.0461 2108        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:49:06.0524 2108        HTTP - ok
22:49:06.0571 2108        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:49:06.0586 2108        hwpolicy - ok
22:49:06.0695 2108        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:49:06.0742 2108        i8042prt - ok
22:49:06.0805 2108        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:49:06.0867 2108        iaStorV - ok
22:49:06.0961 2108        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:49:07.0007 2108        iirsp - ok
22:49:07.0070 2108        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:49:07.0117 2108        intelide - ok
22:49:07.0132 2108        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:49:07.0195 2108        intelppm - ok
22:49:07.0288 2108        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:49:07.0397 2108        IpFilterDriver - ok
22:49:07.0460 2108        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:49:07.0553 2108        IPMIDRV - ok
22:49:07.0663 2108        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:49:07.0803 2108        IPNAT - ok
22:49:07.0850 2108        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:49:07.0865 2108        IRENUM - ok
22:49:07.0912 2108        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:49:07.0959 2108        isapnp - ok
22:49:08.0068 2108        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:49:08.0099 2108        iScsiPrt - ok
22:49:08.0162 2108        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:49:08.0209 2108        kbdclass - ok
22:49:08.0302 2108        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
22:49:08.0349 2108        kbdhid - ok
22:49:08.0411 2108        KMWDFILTERx86  (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
22:49:08.0458 2108        KMWDFILTERx86 - ok
22:49:08.0567 2108        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
22:49:08.0614 2108        KSecDD - ok
22:49:08.0645 2108        KSecPkg        (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
22:49:08.0677 2108        KSecPkg - ok
22:49:08.0817 2108        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
22:49:08.0864 2108        lirsgt - ok
22:49:08.0926 2108        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:49:09.0067 2108        lltdio - ok
22:49:09.0176 2108        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:49:09.0223 2108        LSI_FC - ok
22:49:09.0254 2108        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:49:09.0269 2108        LSI_SAS - ok
22:49:09.0316 2108        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:49:09.0332 2108        LSI_SAS2 - ok
22:49:09.0363 2108        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:49:09.0394 2108        LSI_SCSI - ok
22:49:09.0472 2108        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:49:09.0613 2108        luafv - ok
22:49:09.0675 2108        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:49:09.0722 2108        mdmxsdk ( UnsignedFile.Multi.Generic ) - warning
22:49:09.0722 2108        mdmxsdk - detected UnsignedFile.Multi.Generic (1)
22:49:09.0815 2108        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:49:09.0878 2108        megasas - ok
22:49:09.0956 2108        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:49:10.0003 2108        MegaSR - ok
22:49:10.0096 2108        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:49:10.0205 2108        Modem - ok
22:49:10.0252 2108        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:49:10.0299 2108        monitor - ok
22:49:10.0408 2108        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:49:10.0455 2108        mouclass - ok
22:49:10.0517 2108        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:49:10.0564 2108        mouhid - ok
22:49:10.0673 2108        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:49:10.0720 2108        mountmgr - ok
22:49:10.0767 2108        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:49:10.0798 2108        mpio - ok
22:49:10.0861 2108        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:49:10.0923 2108        mpsdrv - ok
22:49:11.0032 2108        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:49:11.0173 2108        MRxDAV - ok
22:49:11.0266 2108        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:49:11.0344 2108        mrxsmb - ok
22:49:11.0407 2108        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:49:11.0469 2108        mrxsmb10 - ok
22:49:11.0547 2108        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:49:11.0625 2108        mrxsmb20 - ok
22:49:11.0687 2108        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:49:11.0719 2108        msahci - ok
22:49:11.0750 2108        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:49:11.0781 2108        msdsm - ok
22:49:11.0890 2108        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:49:11.0937 2108        Msfs - ok
22:49:11.0968 2108        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:49:12.0031 2108        mshidkmdf - ok
22:49:12.0062 2108        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:49:12.0077 2108        msisadrv - ok
22:49:12.0202 2108        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:49:12.0311 2108        MSKSSRV - ok
22:49:12.0343 2108        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:49:12.0421 2108        MSPCLOCK - ok
22:49:12.0436 2108        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:49:12.0499 2108        MSPQM - ok
22:49:12.0608 2108        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:49:12.0670 2108        MsRPC - ok
22:49:12.0717 2108        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:49:12.0779 2108        mssmbios - ok
22:49:12.0811 2108        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:49:12.0889 2108        MSTEE - ok
22:49:12.0998 2108        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:49:13.0076 2108        MTConfig - ok
22:49:13.0123 2108        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:49:13.0169 2108        Mup - ok
22:49:13.0263 2108        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:49:13.0310 2108        NativeWifiP - ok
22:49:13.0419 2108        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:49:13.0466 2108        NDIS - ok
22:49:13.0559 2108        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:49:13.0653 2108        NdisCap - ok
22:49:13.0700 2108        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:49:13.0809 2108        NdisTapi - ok
22:49:13.0871 2108        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:49:13.0965 2108        Ndisuio - ok
22:49:13.0996 2108        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:49:14.0074 2108        NdisWan - ok
22:49:14.0137 2108        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:49:14.0230 2108        NDProxy - ok
22:49:14.0324 2108        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:49:14.0433 2108        NetBIOS - ok
22:49:14.0511 2108        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:49:14.0620 2108        NetBT - ok
22:49:14.0745 2108        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:49:14.0776 2108        nfrd960 - ok
22:49:14.0839 2108        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:49:14.0948 2108        Npfs - ok
22:49:14.0995 2108        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:49:15.0041 2108        nsiproxy - ok
22:49:15.0182 2108        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:49:15.0260 2108        Ntfs - ok
22:49:15.0291 2108        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:49:15.0338 2108        Null - ok
22:49:15.0431 2108        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:49:15.0478 2108        nvraid - ok
22:49:15.0509 2108        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:49:15.0541 2108        nvstor - ok
22:49:15.0572 2108        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:49:15.0587 2108        nv_agp - ok
22:49:15.0712 2108        O2MDRDR        (634ff60f418792906887b3d6ceecb431) C:\Windows\system32\DRIVERS\o2media.sys
22:49:15.0821 2108        O2MDRDR - ok
22:49:15.0868 2108        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:49:15.0931 2108        ohci1394 - ok
22:49:16.0087 2108        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:49:16.0180 2108        Parport - ok
22:49:16.0211 2108        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:49:16.0289 2108        partmgr - ok
22:49:16.0321 2108        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:49:16.0352 2108        Parvdm - ok
22:49:16.0461 2108        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:49:16.0508 2108        pci - ok
22:49:16.0523 2108        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:49:16.0539 2108        pciide - ok
22:49:16.0586 2108        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:49:16.0601 2108        pcmcia - ok
22:49:16.0617 2108        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:49:16.0633 2108        pcw - ok
22:49:16.0679 2108        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:49:16.0789 2108        PEAUTH - ok
22:49:16.0945 2108        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:49:17.0054 2108        PptpMiniport - ok
22:49:17.0101 2108        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:49:17.0179 2108        Processor - ok
22:49:17.0350 2108        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:49:17.0428 2108        Psched - ok
22:49:17.0506 2108        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:49:17.0647 2108        ql2300 - ok
22:49:17.0725 2108        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:49:17.0787 2108        ql40xx - ok
22:49:17.0818 2108        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:49:17.0849 2108        QWAVEdrv - ok
22:49:17.0865 2108        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:49:17.0912 2108        RasAcd - ok
22:49:18.0037 2108        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:49:18.0099 2108        RasAgileVpn - ok
22:49:18.0130 2108        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:49:18.0193 2108        Rasl2tp - ok
22:49:18.0317 2108        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:49:18.0411 2108        RasPppoe - ok
22:49:18.0427 2108        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:49:18.0473 2108        RasSstp - ok
22:49:18.0520 2108        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:49:18.0629 2108        rdbss - ok
22:49:18.0723 2108        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:49:18.0770 2108        rdpbus - ok
22:49:18.0817 2108        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:49:18.0941 2108        RDPCDD - ok
22:49:19.0035 2108        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:49:19.0129 2108        RDPENCDD - ok
22:49:19.0144 2108        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:49:19.0191 2108        RDPREFMP - ok
22:49:19.0238 2108        RDPWD          (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
22:49:19.0300 2108        RDPWD - ok
22:49:19.0409 2108        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:49:19.0456 2108        rdyboost - ok
22:49:19.0565 2108        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:49:19.0675 2108        rspndr - ok
22:49:19.0784 2108        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:49:19.0846 2108        sbp2port - ok
22:49:19.0909 2108        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:49:20.0002 2108        scfilter - ok
22:49:20.0111 2108        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
22:49:20.0205 2108        sdbus - ok
22:49:20.0283 2108        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:49:20.0377 2108        secdrv - ok
22:49:20.0501 2108        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:49:20.0564 2108        Serenum - ok
22:49:20.0876 2108        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:49:20.0938 2108        Serial - ok
22:49:21.0032 2108        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:49:21.0079 2108        sermouse - ok
22:49:21.0141 2108        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
22:49:21.0219 2108        sffdisk - ok
22:49:21.0250 2108        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:49:21.0297 2108        sffp_mmc - ok
22:49:21.0375 2108        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:49:21.0437 2108        sffp_sd - ok
22:49:21.0500 2108        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:49:21.0578 2108        sfloppy - ok
22:49:21.0640 2108        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:49:21.0671 2108        sisagp - ok
22:49:21.0796 2108        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:49:21.0843 2108        SiSRaid2 - ok
22:49:21.0890 2108        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:49:21.0921 2108        SiSRaid4 - ok
22:49:21.0952 2108        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:49:22.0015 2108        Smb - ok
22:49:22.0139 2108        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:49:22.0171 2108        spldr - ok
22:49:22.0264 2108        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:49:22.0342 2108        srv - ok
22:49:22.0436 2108        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:49:22.0529 2108        srv2 - ok
22:49:22.0592 2108        SrvHsfHDA      (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:49:22.0654 2108        SrvHsfHDA - ok
22:49:22.0779 2108        SrvHsfV92      (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:49:22.0919 2108        SrvHsfV92 - ok
22:49:23.0029 2108        SrvHsfWinac    (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:49:23.0091 2108        SrvHsfWinac - ok
22:49:23.0153 2108        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:49:23.0200 2108        srvnet - ok
22:49:23.0309 2108        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:49:23.0356 2108        ssmdrv - ok
22:49:23.0450 2108        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:49:23.0497 2108        stexstor - ok
22:49:23.0575 2108        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:49:23.0621 2108        swenum - ok
22:49:23.0715 2108        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:49:23.0777 2108        Tcpip - ok
22:49:23.0902 2108        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:49:23.0949 2108        TCPIP6 - ok
22:49:23.0996 2108        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:49:24.0105 2108        tcpipreg - ok
22:49:24.0167 2108        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:49:24.0277 2108        TDPIPE - ok
22:49:24.0339 2108        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:49:24.0433 2108        TDTCP - ok
22:49:24.0479 2108        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:49:24.0542 2108        tdx - ok
22:49:24.0573 2108        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:49:24.0651 2108        TermDD - ok
22:49:24.0776 2108        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:49:24.0916 2108        tssecsrv - ok
22:49:24.0979 2108        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:49:25.0057 2108        TsUsbFlt - ok
22:49:25.0166 2108        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
22:49:25.0213 2108        TuneUpUtilitiesDrv - ok
22:49:25.0337 2108        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:49:25.0462 2108        tunnel - ok
22:49:25.0509 2108        TVALZ          (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:49:25.0556 2108        TVALZ - ok
22:49:25.0649 2108        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:49:25.0727 2108        uagp35 - ok
22:49:25.0774 2108        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:49:25.0868 2108        udfs - ok
22:49:25.0993 2108        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:49:26.0055 2108        uliagpkx - ok
22:49:26.0102 2108        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:49:26.0149 2108        umbus - ok
22:49:26.0258 2108        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:49:26.0320 2108        UmPass - ok
22:49:26.0367 2108        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:49:26.0429 2108        usbccgp - ok
22:49:26.0523 2108        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:49:26.0617 2108        usbcir - ok
22:49:26.0648 2108        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:49:26.0695 2108        usbehci - ok
22:49:26.0804 2108        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:49:26.0882 2108        usbhub - ok
22:49:26.0929 2108        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
22:49:26.0960 2108        usbohci - ok
22:49:27.0085 2108        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:49:27.0163 2108        usbprint - ok
22:49:27.0209 2108        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:49:27.0256 2108        usbscan - ok
22:49:27.0350 2108        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:49:27.0443 2108        USBSTOR - ok
22:49:27.0490 2108        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
22:49:27.0553 2108        usbuhci - ok
22:49:27.0662 2108        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:49:27.0724 2108        usbvideo - ok
22:49:27.0802 2108        UVCFTR          (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
22:49:27.0849 2108        UVCFTR - ok
22:49:27.0974 2108        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:49:28.0036 2108        vdrvroot - ok
22:49:28.0083 2108        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:49:28.0161 2108        vga - ok
22:49:28.0192 2108        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:49:28.0255 2108        VgaSave - ok
22:49:28.0348 2108        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:49:28.0426 2108        vhdmp - ok
22:49:28.0457 2108        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:49:28.0520 2108        viaagp - ok
22:49:28.0551 2108        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:49:28.0613 2108        ViaC7 - ok
22:49:28.0691 2108        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:49:28.0754 2108        viaide - ok
22:49:28.0801 2108        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:49:28.0847 2108        volmgr - ok
22:49:28.0863 2108        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:49:28.0894 2108        volmgrx - ok
22:49:28.0941 2108        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:49:29.0003 2108        volsnap - ok
22:49:29.0097 2108        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:49:29.0175 2108        vsmraid - ok
22:49:29.0222 2108        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:49:29.0269 2108        vwifibus - ok
22:49:29.0315 2108        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:49:29.0409 2108        vwififlt - ok
22:49:29.0534 2108        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:49:29.0596 2108        WacomPen - ok
22:49:29.0643 2108        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:49:29.0721 2108        WANARP - ok
22:49:29.0721 2108        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:49:29.0752 2108        Wanarpv6 - ok
22:49:29.0861 2108        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:49:29.0924 2108        Wd - ok
22:49:29.0971 2108        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:49:30.0017 2108        Wdf01000 - ok
22:49:30.0158 2108        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:49:30.0267 2108        WfpLwf - ok
22:49:30.0298 2108        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:49:30.0345 2108        WIMMount - ok
22:49:30.0423 2108        winachsf        (5b08eb7a6e2aba210a218636fa65927d) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:49:30.0501 2108        winachsf ( UnsignedFile.Multi.Generic ) - warning
22:49:30.0501 2108        winachsf - detected UnsignedFile.Multi.Generic (1)
22:49:30.0641 2108        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:49:30.0735 2108        WinUsb - ok
22:49:30.0797 2108        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:49:30.0875 2108        WmiAcpi - ok
22:49:30.0985 2108        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:49:31.0109 2108        ws2ifsl - ok
22:49:31.0203 2108        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:49:31.0343 2108        WudfPf - ok
22:49:31.0421 2108        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:49:31.0499 2108        WUDFRd - ok
22:49:31.0609 2108        XAudio          (725e96971f22fe237e553eb35fc83564) C:\Windows\system32\DRIVERS\xaudio.sys
22:49:31.0655 2108        XAudio ( UnsignedFile.Multi.Generic ) - warning
22:49:31.0655 2108        XAudio - detected UnsignedFile.Multi.Generic (1)
22:49:31.0765 2108        XDva382 - ok
22:49:31.0874 2108        yukonw7        (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
22:49:31.0921 2108        yukonw7 - ok
22:49:31.0952 2108        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:49:32.0872 2108        \Device\Harddisk0\DR0 - ok
22:49:32.0903 2108        Boot (0x1200)  (5eb82d79b613cad2406447438f819981) \Device\Harddisk0\DR0\Partition0
22:49:32.0903 2108        \Device\Harddisk0\DR0\Partition0 - ok
22:49:32.0950 2108        Boot (0x1200)  (b3a54f822401ea953e7e92bcafdae36c) \Device\Harddisk0\DR0\Partition1
22:49:32.0950 2108        \Device\Harddisk0\DR0\Partition1 - ok
22:49:32.0950 2108        ============================================================
22:49:32.0950 2108        Scan finished
22:49:32.0950 2108        ============================================================
22:49:32.0997 2572        Detected object count: 5
22:49:32.0997 2572        Actual detected object count: 5
22:49:45.0493 2572        HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:45.0493 2572        HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:49:45.0493 2572        HSXHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:45.0493 2572        HSXHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:49:45.0508 2572        mdmxsdk ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:45.0508 2572        mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:49:45.0508 2572        winachsf ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:45.0508 2572        winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:49:45.0508 2572        XAudio ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:45.0508 2572        XAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip

Regards, Klaros
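The TDSSKiller output above is several hundred lines, almost all of them "- ok". What a helper actually reads out of it is a short list: which objects carry a verdict (here the "UnsignedFile.Multi.Generic" warnings), what the user chose to do with them, and which entries are listed without any file line at all (XDva382 appears above with no hash or path, and ComboFix later marks its path with [x]). The script below is an added example, not part of the thread and not TDSSKiller's own tooling; it parses lines in the layout shown above into per-object records and prints that triage list. The sample log is constructed from a handful of lines in the same format, and the regular expressions, the record fields and the "flagged" rule are my assumptions about the format, derived only from the lines visible in this thread.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample in the TDSSKiller log layout quoted in this thread (not the full log).
SAMPLE_LOG = r"""
22:49:13.0419 2108        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:49:13.0466 2108        NDIS - ok
22:49:30.0423 2108        winachsf        (5b08eb7a6e2aba210a218636fa65927d) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:49:30.0501 2108        winachsf ( UnsignedFile.Multi.Generic ) - warning
22:49:30.0501 2108        winachsf - detected UnsignedFile.Multi.Generic (1)
22:49:31.0765 2108        XDva382 - ok
22:49:31.0952 2108        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:49:32.0872 2108        \Device\Harddisk0\DR0 - ok
22:49:32.0903 2108        Boot (0x1200)  (5eb82d79b613cad2406447438f819981) \Device\Harddisk0\DR0\Partition0
22:49:32.0903 2108        \Device\Harddisk0\DR0\Partition0 - ok
22:49:32.0950 2108        Boot (0x1200)  (b3a54f822401ea953e7e92bcafdae36c) \Device\Harddisk0\DR0\Partition1
22:49:32.0950 2108        \Device\Harddisk0\DR0\Partition1 - ok
22:49:32.0950 2108        Scan finished
22:49:45.0508 2572        winachsf ( UnsignedFile.Multi.Generic ) - skipped by user
22:49:45.0508 2572        winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Assumed line shapes (derived from the log lines in this thread only):
# every entry starts with "HH:MM:SS.mmmm <pid>", then one of the payloads below.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>\S.*)$")
# "<name> (<md5>) <path>"; the name may carry a size like "MBR (0x1B8)"
_OBJECT = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
_WARNING = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - warning$")
_DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
_ACTION = re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - (?:skipped by user|User select action: (?P<action>\w+))$")
# "<name> - ok"; for MBR/boot sectors the name here is the device path
_OK = re.compile(r"^(?P<name>.+?) - ok$")


def _new_record() -> dict:
    return {"md5": None, "path": None, "status": "unknown", "verdict": None, "user_action": None}


def parse_tdss_log(text: str) -> Dict[str, dict]:
    """Return {key: record}. The key is the object name, or the device path when one
    name (e.g. "Boot (0x1200)") is reported for several different paths."""
    records: Dict[str, dict] = {}
    by_path: Dict[str, str] = {}  # device/file path -> record key, for the "- ok" lines
    for raw in text.splitlines():
        pm = _PREFIX.match(raw.strip())
        if not pm:
            continue  # banner, "====" separators and other non-entry lines
        body = pm["body"].strip()
        if (m := _OBJECT.match(body)):
            key = m["name"]
            if key in records and records[key]["path"] not in (None, m["path"]):
                key = m["path"]  # same name, different object: keep them apart
            rec = records.setdefault(key, _new_record())
            rec["md5"], rec["path"] = m["md5"], m["path"]
            by_path[m["path"]] = key
        elif (m := _WARNING.match(body)):
            rec = records.setdefault(m["name"], _new_record())
            rec["verdict"] = m["verdict"]
            if rec["status"] != "detected":  # a later "detected" line outranks a warning
                rec["status"] = "warning"
        elif (m := _DETECTED.match(body)):
            rec = records.setdefault(m["name"], _new_record())
            rec["verdict"], rec["status"] = m["verdict"], "detected"
        elif (m := _ACTION.match(body)):
            rec = records.setdefault(m["name"], _new_record())
            if m["action"]:
                rec["user_action"] = m["action"]
        elif (m := _OK.match(body)):
            key = by_path.get(m["name"], m["name"])
            rec = records.setdefault(key, _new_record())
            if rec["status"] == "unknown":  # "ok" never overrides a verdict
                rec["status"] = "ok"
    return records


def summarize(records: Dict[str, dict]) -> Dict[str, int]:
    """Count objects per final status, e.g. {"ok": 5, "detected": 1}."""
    return dict(Counter(rec["status"] for rec in records.values()))


def flagged(records: Dict[str, dict]) -> List[Tuple[str, str]]:
    """Entries worth a second look: anything not plainly "ok", plus objects the log
    lists without any file line (no hash, no path), like XDva382 in this thread."""
    out: List[Tuple[str, str]] = []
    for key, rec in records.items():
        if rec["status"] != "ok":
            out.append((key, f"{rec['status']}: {rec['verdict']} (user action: {rec['user_action']})"))
        elif rec["path"] is None:
            out.append((key, "no file recorded for this entry"))
    return out


if __name__ == "__main__":
    recs = parse_tdss_log(SAMPLE_LOG)
    print(summarize(recs))
    for key, why in flagged(recs):
        print(f"{key:40} {why}")
```

Run against a saved TDSSKiller log by replacing SAMPLE_LOG with the file contents; the unsigned-driver warnings the user skipped and the entry with no file on disk are the two things left to look at, which is exactly what the thread goes on to do with ComboFix.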

cosinus 31.12.2011 00:01

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (one of the board's authorised helpers) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Klaros 31.12.2011 01:04

Okay, I ran ComboFix, here is the result:
ComboFix logfile:
Code:

ComboFix 11-12-30.02 - DENNIS 31.12.2011  0:27.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3294.2117 [GMT 1:00]
ausgeführt von:: c:\users\DENNIS\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
E:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-28 bis 2011-12-30  ))))))))))))))))))))))))))))))
.
.
2011-12-30 23:36 . 2011-12-30 23:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-30 18:16 . 2011-12-30 18:16        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A07DF8F-AE7D-4CAC-B011-6249700A8D86}\offreg.dll
2011-12-30 10:44 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A07DF8F-AE7D-4CAC-B011-6249700A8D86}\mpengine.dll
2011-12-30 09:47 . 2011-12-30 09:47        --------        d-----w-        C:\_OTL
2011-12-29 18:58 . 2011-12-29 18:58        --------        d-----w-        c:\program files\ESET
2011-12-29 15:37 . 2011-12-29 15:37        --------        d-----w-        c:\program files\7-Zip
2011-12-29 13:28 . 2011-12-29 13:28        --------        d-----w-        c:\users\DENNIS\AppData\Roaming\Malwarebytes
2011-12-29 13:28 . 2011-12-29 13:28        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-29 13:28 . 2011-12-29 13:28        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-29 13:28 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-14 05:18 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys
2011-12-14 05:18 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-14 05:17 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-14 05:17 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-14 05:17 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-14 05:17 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-03 19:32 . 2011-12-29 14:17        --------        d-----w-        c:\program files\Steam
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 12:45 . 2011-10-23 11:55        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-03 19:29 . 2011-05-21 04:24        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-23 18:51 . 2010-05-24 13:43        1092400        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-11 13:00 . 2011-10-23 11:55        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-23 11:55        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-11-10 05:18 . 2011-03-22 21:11        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-09-26 12:22        417792        ----a-w-        c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-03-27 06:35        36352        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Steam"="c:\program files\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 294400]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-04-03 101392]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 41926377
*Deregistered* - 41926377
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 18:12]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 18:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mythos-europe.com
IE: Copy to &Lightning Note - c:\program files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Free YouTube to MP3 Converter - c:\users\DENNIS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DENNIS\AppData\Roaming\Mozilla\Firefox\Profiles\63p84wyt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-31  00:46:07
ComboFix-quarantined-files.txt  2011-12-30 23:46
.
Vor Suchlauf: 11 Verzeichnis(se), 120.186.281.984 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 119.856.250.880 Bytes frei
.
- - End Of File - - 2CE90EF97D3C5B33A4B90C8D407FBAA7

Regards, Klaros

cosinus 31.12.2011 15:31

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without instruction.

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Klaros 31.12.2011 21:04

Here is the GMER log:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-31 20:36:31
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK3252GSX rev.LV010M
Running: cuxx1nmu.exe; Driver: C:\Users\DENNIS\AppData\Local\Temp\kgriapob.sys


---- System - GMER 1.0.15 ----

SSDT            91728B5E                                  ZwCreateSection
SSDT            91728B68                                  ZwRequestWaitReplyPort
SSDT            91728B63                                  ZwSetContextThread
SSDT            91728B6D                                  ZwSetSecurityObject
SSDT            91728B72                                  ZwSystemDebugControl
SSDT            91728AFF                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1            82C52369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82C8BD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7      82C92EAC 4 Bytes  [5E, 8B, 72, 91] {POP ESI; MOV ESI, [EDX-0x6f]}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553      82C93208 4 Bytes  JMP F5549A8F
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597      82C9324C 4 Bytes  [63, 8B, 72, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613      82C932C8 4 Bytes  [6D, 8B, 72, 91] {INSD ; MOV ESI, [EDX-0x6f]}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667      82C9331C 4 Bytes  [72, 8B, 72, 91] {JB 0xffffffffffffff8d; JB 0xffffffffffffff95}
.text          ...                                     
.text          C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x91E39000, 0x2D5378, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\atksgt.sys    section is writeable [0x9BA2C300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys    section is writeable [0x9BA6F300, 0x1BEE, 0xE8000020]
PAGE            peauth.sys                                9BA83B9B 72 Bytes  JMP E56DD401

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Here is the OSAM log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:52:02 on 31.12.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AODDriver4.0" (AODDriver4.0) - ? - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys  (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\DENNIS\AppData\Local\Temp\catchme.sys  (File not found)
"HSF_DPV" (HSF_DPV) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\HSX_DPV.sys
"HSXHWAZL" (HSXHWAZL) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\HSXHWAZL.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mdmxsdk" (mdmxsdk) - "Conexant" - C:\Windows\System32\DRIVERS\mdmxsdk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"winachsf" (winachsf) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\HSX_CNXT.sys
"XAudio" (XAudio) - "Conexant Systems, Inc." - C:\Windows\System32\DRIVERS\xaudio.sys
"XDva382" (XDva382) - ? - C:\Windows\system32\XDva382.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\DENNIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HTC Sync Loader" - ? - "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"AMD FUEL Service" (AMD FUEL Service) - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
"AMD Reservation Manager" (AMD Reservation Manager) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"XAudioService" (XAudioService) - "Conexant Systems, Inc." - C:\Windows\system32\DRIVERS\xaudio.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And here is the aswMBR log:
Code:

aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-31 20:39:27
-----------------------------
20:39:27.654    OS Version: Windows 6.1.7601 Service Pack 1
20:39:27.654    Number of processors: 2 586 0x301
20:39:27.654    ComputerName: PC-DENNIS  UserName: DENNIS
20:39:28.761    Initialize success
20:40:35.412    AVAST engine defs: 11123101
20:41:23.304    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
20:41:23.320    Disk 0 Vendor: TOSHIBA_MK3252GSX LV010M Size: 305245MB BusType: 11
20:41:23.444    Disk 0 MBR read successfully
20:41:23.460    Disk 0 MBR scan
20:41:23.491    Disk 0 Windows 7 default MBR code
20:41:23.507    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        1500 MB offset 2048
20:41:23.522    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      154273 MB offset 3074048
20:41:23.569    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      149471 MB offset 319025152
20:41:23.647    Disk 0 scanning sectors +625141760
20:41:23.990    Disk 0 scanning C:\Windows\system32\drivers
20:42:10.229    Service scanning
20:42:11.695    Modules scanning
20:42:29.869    Disk 0 trace - called modules:
20:42:29.916    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
20:42:29.932    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8675b4d0]
20:42:29.947    3 CLASSPNP.SYS[8bd7b59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x86274030]
20:42:30.774    AVAST engine scan C:\Windows
20:42:41.819    AVAST engine scan C:\Windows\system32
20:47:17.362    AVAST engine scan C:\Windows\system32\drivers
20:47:38.890    AVAST engine scan C:\Users\DENNIS
20:56:09.998    AVAST engine scan C:\ProgramData
20:59:50.832    Scan finished successfully
21:00:14.622    Disk 0 MBR has been saved successfully to "C:\Users\DENNIS\Desktop\MBR.dat"
21:00:14.638    The log file has been saved successfully to "C:\Users\DENNIS\Desktop\aswMBR.txt"

I wish you a happy New Year! Regards, Klaros :D



Copyright ©2000-2025, Trojaner-Board

