Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Erpresser-Virus (https://www.trojaner-board.de/109476-erpresser-virus.html)

KazZk 09.02.2012 16:51
Erpresser-Virus
 
Moin..

nu hats mich auch erwischt. Wenn Internet an ist und Firefox startet, Bildschirm schwarz, "Ihr Betriebssystem funktioniert nichtmehr, kostenpflichtiges Update blabla", mit Kaspersky und MS Logo unten.

Habe Malware Antibytes schonmal was löschen lassen als erste kurzschlussreaktion, half aber nix.

Im Taskmanager is ne datei: wdc.exe, lässt sich nicht schließen. Außerdem meckert auch Hijackthis rum, dass es nicht auf hosts zugreifen kann.

Kann mir da bitte jemand weiterhelfen? :balla:

cosinus 09.02.2012 16:56
Zitat:
Habe Malware Antibytes schonmal was löschen lassen als erste kurzschlussreaktion, half aber nix.
Log posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

KazZk 09.02.2012 17:04
MBAM beim ersten Fund:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122203

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.02.2012 20:40:42
mbam-log-2012-02-05 (20-40-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168003
Laufzeit: 4 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Gilberto\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully.
2. Fund
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.07.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Gilberto :: MARV [Administrator]

07.02.2012 22:52:29
mbam-log-2012-02-07 (22-52-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175277
Laufzeit: 3 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Ransom) -> Daten: C:\Users\Gilberto\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Gilberto\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

und Hijackthis, wo wir grad dabei sind. das is auch nich koscher
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:39:10, on 09.02.2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\windows\system32\wuauclt.exe
C:\Users\Gilberto\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gilberto\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6891 bytes

cosinus 09.02.2012 17:09
Bitte KEINE Hijackthis-Logs posten!!!

Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


KazZk 09.02.2012 19:02
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7d793f9e63ef384691b6e1f5f938fb8a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-09 05:47:21
# local_time=2012-02-09 06:47:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 338174 65341677 383495 0
# compatibility_mode=5893 16776573 100 94 3905 80436012 0 0
# compatibility_mode=8192 67108863 100 0 4364 4364 0 0
# scanned=272845
# found=3
# cleaned=0
# scan_time=4820
C:\Program Files\sexvilla\3D SexVilla 2\Binaries\fc3DSexVillaRun.DE.exe        a variant of Win32/Inject.NDT trojan (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\sexvilla\3D SexVilla 2\Binaries\fc3DSexVillaRun.EN.exe        a variant of Win32/Inject.NDT trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Gilberto\Documents\3D Sexvilla 2.058.002\3d_Sexvilla_2.058.002.exe        a variant of Win32/Inject.NDT trojan (unable to clean)        00000000000000000000000000000000        I

cosinus 09.02.2012 21:23
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

KazZk 11.02.2012 15:08
hier das otl log :)
herzlichen dank schonmal

Code:
OTL logfile created on: 11.02.2012 14:48:49 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Gilberto\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,51% Memory free
5,93 Gb Paging File | 4,73 Gb Available in Paging File | 79,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,93 Gb Total Space | 132,89 Gb Free Space | 46,15% Space Free | Partition Type: NTFS
Drive E: | 964,00 Mb Total Space | 961,17 Mb Free Space | 99,71% Space Free | Partition Type: FAT32
 
Computer Name: MARV | User Name: Gilberto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gilberto\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\P4G\BatteryLife.exe (ATK)
PRC - C:\Programme\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Programme\P4G\OvrClk.dll ()
MOD - C:\Programme\P4G\DevMng.dll ()
MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - C:\Programme\ASUS\ATK Hotkey\MsgTran.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1723137728-4224196469-615314354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-1723137728-4224196469-615314354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-1723137728-4224196469-615314354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1723137728-4224196469-615314354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gilberto\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.27 12:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.25 07:41:12 | 000,000,000 | ---D | M]
 
[2010.10.21 13:47:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Gilberto\AppData\Roaming\mozilla\Extensions
[2011.12.27 17:06:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Gilberto\AppData\Roaming\mozilla\Firefox\Profiles\12vgrl5m.default\extensions
[2011.12.27 17:06:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Gilberto\AppData\Roaming\mozilla\Firefox\Profiles\12vgrl5m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.27 12:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.08 16:14:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.02 04:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.21 16:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\defaults\profile\0gj7tdx3.default\extensions
[2010.10.21 16:22:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Programme\Mozilla Firefox\defaults\profile\0gj7tdx3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.21 16:22:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Programme\Mozilla Firefox\defaults\profile\0gj7tdx3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.10.21 16:22:29 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Programme\Mozilla Firefox\defaults\profile\0gj7tdx3.default\extensions\battlefieldheroespatcher@ea.com
[2011.11.27 12:08:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.10 00:30:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.10 00:30:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 00:30:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 00:30:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 00:30:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 00:30:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.19 14:05:04 | 000,432,374 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14880 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1723137728-4224196469-615314354-1000..\Run: [Facebook Update] C:\Users\Gilberto\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA0484B3-011A-4741-AC22-CB349771BBC4}: DhcpNameServer = 82.144.41.8 82.145.9.8
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\Shell - "" = AutoRun
O33 - MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.11 14:45:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gilberto\Desktop\OTL.exe
[2012.02.09 17:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.09 17:14:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Gilberto\Desktop\esetsmartinstaller_enu.exe
[2012.02.09 16:37:12 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2012.02.02 14:25:36 | 000,000,000 | ---D | C] -- C:\Users\Gilberto\4.0
[2012.02.02 14:25:36 | 000,000,000 | ---D | C] -- C:\Users\Gilberto\.tfo4
[2012.01.22 15:39:10 | 000,000,000 | ---D | C] -- C:\Users\Gilberto\Desktop\GTA Tracks
[2012.01.19 17:09:08 | 000,000,000 | ---D | C] -- C:\Users\Gilberto\Desktop\PROJEKT
[2012.01.16 18:32:47 | 035,944,352 | ---- | C] (TuneUp Software) -- C:\Users\Gilberto\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.01.16 18:32:29 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Gilberto\Desktop\ccsetup314.exe
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.11 14:48:15 | 000,000,918 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1723137728-4224196469-615314354-1000Core.job
[2012.02.11 14:46:31 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.11 14:39:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gilberto\Desktop\OTL.exe
[2012.02.11 14:39:23 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.11 14:39:05 | 000,000,940 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1723137728-4224196469-615314354-1000UA.job
[2012.02.11 14:38:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.02.09 17:13:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Gilberto\Desktop\esetsmartinstaller_enu.exe
[2012.02.09 16:38:27 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.02.09 16:38:27 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.02.09 16:38:27 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.02.09 16:38:27 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.02.09 16:33:13 | 000,014,608 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 16:33:13 | 000,014,608 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 23:03:18 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.07 22:47:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.05 18:47:35 | 000,167,633 | ---- | M] () -- C:\Users\Gilberto\Desktop\sponsorenkonzept.pdf
[2012.02.02 13:52:36 | 000,075,543 | ---- | M] () -- C:\Users\Gilberto\Desktop\Angebot OSZ Berlin 12062012.pdf
[2012.02.01 15:27:48 | 014,634,870 | ---- | M] () -- C:\Users\Gilberto\Desktop\Studie 2009 Laufender Text.pdf
[2012.01.16 18:35:32 | 035,944,352 | ---- | M] (TuneUp Software) -- C:\Users\Gilberto\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.01.16 18:32:56 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Gilberto\Desktop\ccsetup314.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.07 22:47:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.05 18:47:33 | 000,167,633 | ---- | C] () -- C:\Users\Gilberto\Desktop\sponsorenkonzept.pdf
[2012.02.02 13:52:32 | 000,075,543 | ---- | C] () -- C:\Users\Gilberto\Desktop\Angebot OSZ Berlin 12062012.pdf
[2012.02.01 15:26:22 | 014,634,870 | ---- | C] () -- C:\Users\Gilberto\Desktop\Studie 2009 Laufender Text.pdf
[2011.03.13 23:43:43 | 000,007,605 | -H-- | C] () -- C:\Users\Gilberto\AppData\Local\Resmon.ResmonCfg
[2010.12.27 02:49:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.29 20:46:21 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010.11.03 18:34:34 | 000,000,632 | ---- | C] () -- C:\windows\CoD.INI
[2010.11.02 21:36:00 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010.11.02 21:36:00 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2010.11.02 21:35:57 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010.11.02 21:35:57 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010.11.02 21:35:57 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010.08.12 10:09:01 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010.08.12 10:00:50 | 001,752,704 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010.08.12 10:00:50 | 000,028,672 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010.08.12 10:00:38 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010.08.12 10:00:38 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010.08.12 10:00:36 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2009.09.30 10:57:29 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009.09.30 10:57:29 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009.09.30 10:57:29 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009.09.30 10:57:29 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 05:33:53 | 001,757,808 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012.01.02 06:48:47 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\.minecraft
[2011.09.05 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\DVDVideoSoft
[2011.04.16 21:30:16 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.10 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\LolClient
[2012.02.11 14:48:20 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\SoftGrid Client
[2011.04.19 10:18:17 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Teeworlds
[2010.10.21 16:32:03 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Thinstall
[2010.11.03 22:48:56 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\TP
[2011.10.10 00:35:30 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\TS3Client
[2012.02.11 14:48:15 | 000,000,918 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1723137728-4224196469-615314354-1000Core.job
[2012.02.11 14:39:05 | 000,000,940 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1723137728-4224196469-615314354-1000UA.job
[2011.01.13 15:15:20 | 000,032,630 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.02 06:48:47 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\.minecraft
[2011.06.20 21:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Adobe
[2010.11.05 10:10:26 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Apple Computer
[2010.10.21 14:17:55 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Avira
[2012.01.02 06:47:56 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\DivX
[2011.04.24 20:57:31 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\dvdcss
[2011.09.05 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\DVDVideoSoft
[2011.04.16 21:30:16 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.21 12:55:26 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Identities
[2011.10.10 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\Gilberto\AppData\Roaming\LolClient
[2010.10.21 14:07:22 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Macromedia
[2011.04.19 01:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Malwarebytes
[2009.07.14 08:48:18 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Media Center Programs
[2012.01.17 11:33:33 | 000,000,000 | --SD | M] -- C:\Users\Gilberto\AppData\Roaming\Microsoft
[2010.10.21 13:47:19 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Mozilla
[2010.10.21 14:59:21 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Nero
[2010.10.21 16:43:01 | 000,000,000 | RH-D | M] -- C:\Users\Gilberto\AppData\Roaming\SecuROM
[2011.12.22 16:00:04 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Skype
[2011.10.12 13:35:34 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\skypePM
[2012.02.11 14:48:20 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\SoftGrid Client
[2011.04.19 10:18:17 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Teeworlds
[2010.10.21 16:32:03 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\Thinstall
[2010.11.03 22:48:56 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\TP
[2011.10.10 00:35:30 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\TS3Client
[2012.02.09 20:00:50 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\vlc
[2010.10.24 21:43:51 | 000,000,000 | -H-D | M] -- C:\Users\Gilberto\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.04.06 18:48:16 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Gilberto\AppData\Roaming\.minecraft\Minecraft Custom Nickname Loader.exe
[2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Gilberto\AppData\Roaming\.minecraft\Minecraft Updater.exe
[2011.01.14 12:37:54 | 000,232,501 | ---- | M] () -- C:\Users\Gilberto\AppData\Roaming\.minecraft\Minecraft.exe
[2011.04.06 18:48:16 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Gilberto\AppData\Roaming\DivX\.minecraft\Minecraft Custom Nickname Loader.exe
[2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Gilberto\AppData\Roaming\DivX\.minecraft\Minecraft Updater.exe
[2011.01.14 12:37:54 | 000,232,501 | ---- | M] () -- C:\Users\Gilberto\AppData\Roaming\DivX\.minecraft\Minecraft.exe
[2010.11.03 19:10:57 | 000,011,502 | RH-- | M] () -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\ARPPRODUCTICON.exe
[2010.11.03 19:10:57 | 000,053,248 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2010.11.03 19:10:57 | 000,053,248 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2010.11.03 19:10:57 | 000,015,086 | RH-- | M] () -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2010.11.03 19:10:57 | 000,008,854 | RH-- | M] () -- C:\Users\Gilberto\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

KazZk 12.02.2012 13:49
und nun? :o

cosinus 12.02.2012 14:51
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1723137728-4224196469-615314354-1000..\Run: [Facebook Update] C:\Users\Gilberto\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\Shell - "" = AutoRun
O33 - MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

KazZk 12.02.2012 15:14
er hat sofort erstma n neustart gemacht, log war dann aber noch da. immerhin hat er jetzt schon nicht mehr die benutzeranmeldung übersprungen :)
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1723137728-4224196469-615314354-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Gilberto\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0079fd73-feb3-11df-bdb2-e0cb4e99190b}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\facemoods\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gilberto
->Temp folder emptied: 4561492 bytes
->Temporary Internet Files folder emptied: 1337653 bytes
->Java cache emptied: 17501967 bytes
->FireFox cache emptied: 49102543 bytes
->Flash cache emptied: 548 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 548950 bytes
RecycleBin emptied: 1147242 bytes
 
Total Files Cleaned = 71,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_151004

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 12.02.2012 15:29
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

KazZk 12.02.2012 16:00
Ist das normal, dass antivir, trotz inaktivität rummeckert über tdsskiller?

hier ist das log:
Code:
15:48:41.0776 1000        TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
15:48:41.0808 1000        ============================================================
15:48:41.0808 1000        Current date / time: 2012/02/12 15:48:41.0808
15:48:41.0808 1000        SystemInfo:
15:48:41.0808 1000       
15:48:41.0808 1000        OS Version: 6.1.7600 ServicePack: 0.0
15:48:41.0808 1000        Product type: Workstation
15:48:41.0808 1000        ComputerName: MARV
15:48:41.0808 1000        UserName: Gilberto
15:48:41.0808 1000        Windows directory: C:\windows
15:48:41.0808 1000        System windows directory: C:\windows
15:48:41.0808 1000        Processor architecture: Intel x86
15:48:41.0808 1000        Number of processors: 2
15:48:41.0808 1000        Page size: 0x1000
15:48:41.0808 1000        Boot type: Normal boot
15:48:41.0808 1000        ============================================================
15:48:43.0368 1000        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:48:43.0368 1000        Drive \Device\Harddisk1\DR5 - Size: 0x3C800000 (0.95 Gb), SectorSize: 0x800, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:48:43.0383 1000        \Device\Harddisk0\DR0:
15:48:43.0383 1000        MBR used
15:48:43.0383 1000        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23FDD000
15:48:43.0383 1000        \Device\Harddisk1\DR5:
15:48:43.0383 1000        MBR used
15:48:43.0461 1000        Initialize success
15:48:43.0461 1000        ============================================================
15:50:44.0112 3256        ============================================================
15:50:44.0112 3256        Scan started
15:50:44.0112 3256        Mode: Manual; SigCheck; TDLFS;
15:50:44.0112 3256        ============================================================
15:50:44.0814 3256        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
15:50:44.0923 3256        1394ohci - ok
15:50:45.0048 3256        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
15:50:45.0063 3256        ACPI - ok
15:50:45.0188 3256        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
15:50:45.0235 3256        AcpiPmi - ok
15:50:45.0360 3256        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:50:45.0391 3256        adp94xx - ok
15:50:45.0516 3256        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:50:45.0547 3256        adpahci - ok
15:50:45.0797 3256        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:50:45.0812 3256        adpu320 - ok
15:50:46.0077 3256        AFD            (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
15:50:46.0155 3256        AFD - ok
15:50:46.0265 3256        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
15:50:46.0280 3256        agp440 - ok
15:50:46.0389 3256        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:50:46.0405 3256        aic78xx - ok
15:50:46.0530 3256        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
15:50:46.0545 3256        aliide - ok
15:50:46.0577 3256        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
15:50:46.0592 3256        amdagp - ok
15:50:46.0701 3256        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
15:50:46.0717 3256        amdide - ok
15:50:46.0904 3256        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:50:46.0951 3256        AmdK8 - ok
15:50:47.0169 3256        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:50:47.0216 3256        AmdPPM - ok
15:50:47.0357 3256        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
15:50:47.0372 3256        amdsata - ok
15:50:47.0419 3256        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:50:47.0450 3256        amdsbs - ok
15:50:47.0544 3256        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
15:50:47.0559 3256        amdxata - ok
15:50:47.0591 3256        AmUStor        (d2bf422c2611632afb9ce8f7b2a8c306) C:\windows\system32\drivers\AmUStor.SYS
15:50:47.0622 3256        AmUStor - ok
15:50:47.0778 3256        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
15:50:47.0825 3256        AppID - ok
15:50:48.0027 3256        arc            (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:50:48.0043 3256        arc - ok
15:50:48.0152 3256        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:50:48.0183 3256        arcsas - ok
15:50:48.0308 3256        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:50:48.0402 3256        AsyncMac - ok
15:50:48.0511 3256        atapi          (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
15:50:48.0527 3256        atapi - ok
15:50:48.0667 3256        athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
15:50:48.0729 3256        athr - ok
15:50:48.0870 3256        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
15:50:48.0932 3256        avgntflt - ok
15:50:49.0119 3256        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
15:50:49.0151 3256        avipbb - ok
15:50:49.0338 3256        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:50:49.0400 3256        b06bdrv - ok
15:50:49.0509 3256        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:50:49.0556 3256        b57nd60x - ok
15:50:49.0681 3256        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:50:49.0743 3256        Beep - ok
15:50:49.0837 3256        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:50:49.0868 3256        blbdrive - ok
15:50:50.0009 3256        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
15:50:50.0040 3256        bowser - ok
15:50:50.0180 3256        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:50:50.0211 3256        BrFiltLo - ok
15:50:50.0227 3256        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:50:50.0274 3256        BrFiltUp - ok
15:50:50.0414 3256        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:50:50.0461 3256        Brserid - ok
15:50:50.0555 3256        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:50:50.0601 3256        BrSerWdm - ok
15:50:50.0695 3256        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:50:50.0742 3256        BrUsbMdm - ok
15:50:50.0851 3256        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:50:50.0898 3256        BrUsbSer - ok
15:50:50.0991 3256        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:50:51.0038 3256        BTHMODEM - ok
15:50:51.0163 3256        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:50:51.0225 3256        cdfs - ok
15:50:51.0350 3256        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
15:50:51.0381 3256        cdrom - ok
15:50:51.0506 3256        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:50:51.0537 3256        circlass - ok
15:50:51.0709 3256        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:50:51.0725 3256        CLFS - ok
15:50:51.0927 3256        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:50:51.0959 3256        CmBatt - ok
15:50:52.0005 3256        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
15:50:52.0037 3256        cmdide - ok
15:50:52.0099 3256        CNG            (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys
15:50:52.0161 3256        CNG - ok
15:50:52.0271 3256        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:50:52.0302 3256        Compbatt - ok
15:50:52.0349 3256        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
15:50:52.0380 3256        CompositeBus - ok
15:50:52.0489 3256        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:50:52.0505 3256        crcdisk - ok
15:50:52.0692 3256        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
15:50:52.0739 3256        DfsC - ok
15:50:52.0879 3256        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:50:52.0941 3256        discache - ok
15:50:53.0113 3256        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:50:53.0129 3256        Disk - ok
15:50:53.0269 3256        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:50:53.0300 3256        drmkaud - ok
15:50:53.0441 3256        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
15:50:53.0472 3256        DXGKrnl - ok
15:50:53.0690 3256        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:50:53.0815 3256        ebdrv - ok
15:50:53.0987 3256        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:50:54.0018 3256        elxstor - ok
15:50:54.0205 3256        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
15:50:54.0236 3256        ErrDev - ok
15:50:54.0361 3256        ETD            (249d08177b2080163e600c3424f1a6af) C:\windows\system32\DRIVERS\ETD.sys
15:50:54.0392 3256        ETD - ok
15:50:54.0455 3256        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:50:54.0517 3256        exfat - ok
15:50:54.0626 3256        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:50:54.0689 3256        fastfat - ok
15:50:54.0813 3256        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:50:54.0845 3256        fdc - ok
15:50:54.0969 3256        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:50:54.0985 3256        FileInfo - ok
15:50:55.0016 3256        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:50:55.0063 3256        Filetrace - ok
15:50:55.0266 3256        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:50:55.0297 3256        flpydisk - ok
15:50:55.0484 3256        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:50:55.0515 3256        FltMgr - ok
15:50:55.0656 3256        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:50:55.0671 3256        FsDepends - ok
15:50:55.0874 3256        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
15:50:55.0890 3256        Fs_Rec - ok
15:50:56.0124 3256        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
15:50:56.0155 3256        fvevol - ok
15:50:56.0311 3256        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:50:56.0327 3256        gagp30kx - ok
15:50:56.0514 3256        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
15:50:56.0529 3256        GEARAspiWDM - ok
15:50:56.0717 3256        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:50:56.0795 3256        hcw85cir - ok
15:50:56.0966 3256        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
15:50:57.0013 3256        HdAudAddService - ok
15:50:57.0185 3256        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
15:50:57.0216 3256        HDAudBus - ok
15:50:57.0387 3256        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:50:57.0419 3256        HidBatt - ok
15:50:57.0559 3256        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:50:57.0606 3256        HidBth - ok
15:50:57.0777 3256        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:50:57.0809 3256        HidIr - ok
15:50:57.0996 3256        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
15:50:58.0027 3256        HidUsb - ok
15:50:58.0230 3256        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
15:50:58.0245 3256        HpSAMD - ok
15:50:58.0464 3256        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
15:50:58.0526 3256        HTTP - ok
15:50:58.0651 3256        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
15:50:58.0667 3256        hwpolicy - ok
15:50:58.0791 3256        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
15:50:58.0823 3256        i8042prt - ok
15:50:58.0963 3256        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
15:50:58.0979 3256        iaStorV - ok
15:50:59.0540 3256        igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys
15:50:59.0837 3256        igfx - ok
15:50:59.0946 3256        iirsp          (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:50:59.0961 3256        iirsp - ok
15:50:59.0993 3256        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
15:51:00.0008 3256        intelide - ok
15:51:00.0133 3256        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:51:00.0164 3256        intelppm - ok
15:51:00.0273 3256        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:51:00.0336 3256        IpFilterDriver - ok
15:51:00.0492 3256        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
15:51:00.0523 3256        IPMIDRV - ok
15:51:00.0617 3256        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:51:00.0648 3256        IPNAT - ok
15:51:00.0773 3256        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:51:00.0835 3256        IRENUM - ok
15:51:01.0038 3256        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
15:51:01.0053 3256        isapnp - ok
15:51:01.0147 3256        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
15:51:01.0163 3256        iScsiPrt - ok
15:51:01.0334 3256        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
15:51:01.0350 3256        kbdclass - ok
15:51:01.0506 3256        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
15:51:01.0537 3256        kbdhid - ok
15:51:01.0646 3256        KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
15:51:01.0662 3256        KSecDD - ok
15:51:01.0833 3256        KSecPkg        (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys
15:51:01.0849 3256        KSecPkg - ok
15:51:01.0989 3256        L1E            (f7cdaba15c7e853f0a11af6d77fca990) C:\windows\system32\DRIVERS\L1E62x86.sys
15:51:02.0036 3256        L1E - ok
15:51:02.0161 3256        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:51:02.0208 3256        lltdio - ok
15:51:02.0379 3256        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:51:02.0395 3256        LSI_FC - ok
15:51:02.0520 3256        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:51:02.0535 3256        LSI_SAS - ok
15:51:02.0660 3256        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:51:02.0676 3256        LSI_SAS2 - ok
15:51:02.0707 3256        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:51:02.0738 3256        LSI_SCSI - ok
15:51:02.0847 3256        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:51:02.0879 3256        luafv - ok
15:51:03.0019 3256        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:51:03.0035 3256        megasas - ok
15:51:03.0144 3256        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:51:03.0175 3256        MegaSR - ok
15:51:03.0284 3256        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:51:03.0347 3256        Modem - ok
15:51:03.0456 3256        monitor        (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:51:03.0503 3256        monitor - ok
15:51:03.0612 3256        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
15:51:03.0612 3256        mouclass - ok
15:51:03.0737 3256        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:51:03.0799 3256        mouhid - ok
15:51:03.0908 3256        mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
15:51:03.0924 3256        mountmgr - ok
15:51:04.0017 3256        mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
15:51:04.0049 3256        mpio - ok
15:51:04.0080 3256        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:51:04.0189 3256        mpsdrv - ok
15:51:04.0283 3256        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
15:51:04.0314 3256        MRxDAV - ok
15:51:04.0439 3256        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
15:51:04.0501 3256        mrxsmb - ok
15:51:04.0641 3256        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:51:04.0673 3256        mrxsmb10 - ok
15:51:04.0907 3256        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:51:04.0938 3256        mrxsmb20 - ok
15:51:05.0187 3256        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
15:51:05.0203 3256        msahci - ok
15:51:05.0328 3256        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
15:51:05.0359 3256        msdsm - ok
15:51:05.0562 3256        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:51:05.0640 3256        Msfs - ok
15:51:05.0827 3256        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:51:05.0874 3256        mshidkmdf - ok
15:51:06.0170 3256        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
15:51:06.0201 3256        msisadrv - ok
15:51:06.0357 3256        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:51:06.0451 3256        MSKSSRV - ok
15:51:06.0669 3256        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:51:06.0763 3256        MSPCLOCK - ok
15:51:06.0981 3256        MSPQM          (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:51:07.0013 3256        MSPQM - ok
15:51:07.0309 3256        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:51:07.0340 3256        MsRPC - ok
15:51:07.0543 3256        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
15:51:07.0559 3256        mssmbios - ok
15:51:07.0808 3256        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:51:07.0855 3256        MSTEE - ok
15:51:08.0089 3256        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:51:08.0136 3256        MTConfig - ok
15:51:08.0261 3256        MTsensor        (bb16693616427eac1a436e106ea8d318) C:\windows\system32\DRIVERS\ATKACPI.sys
15:51:08.0276 3256        MTsensor - ok
15:51:08.0307 3256        Mup            (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:51:08.0339 3256        Mup - ok
15:51:08.0448 3256        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:51:08.0479 3256        NativeWifiP - ok
15:51:08.0635 3256        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
15:51:08.0651 3256        NDIS - ok
15:51:08.0822 3256        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:51:08.0885 3256        NdisCap - ok
15:51:08.0916 3256        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:51:08.0947 3256        NdisTapi - ok
15:51:09.0025 3256        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
15:51:09.0103 3256        Ndisuio - ok
15:51:09.0197 3256        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
15:51:09.0243 3256        NdisWan - ok
15:51:09.0275 3256        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
15:51:09.0337 3256        NDProxy - ok
15:51:09.0446 3256        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:51:09.0509 3256        NetBIOS - ok
15:51:09.0618 3256        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
15:51:09.0665 3256        NetBT - ok
15:51:09.0789 3256        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:51:09.0805 3256        nfrd960 - ok
15:51:10.0070 3256        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:51:10.0117 3256        Npfs - ok
15:51:10.0164 3256        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:51:10.0195 3256        nsiproxy - ok
15:51:10.0304 3256        Ntfs            (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
15:51:10.0351 3256        Ntfs - ok
15:51:10.0445 3256        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:51:10.0523 3256        Null - ok
15:51:10.0725 3256        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
15:51:10.0757 3256        nvraid - ok
15:51:10.0975 3256        nvstor          (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
15:51:11.0006 3256        nvstor - ok
15:51:11.0084 3256        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
15:51:11.0115 3256        nv_agp - ok
15:51:11.0178 3256        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
15:51:11.0209 3256        ohci1394 - ok
15:51:11.0318 3256        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:51:11.0349 3256        Parport - ok
15:51:11.0381 3256        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
15:51:11.0396 3256        partmgr - ok
15:51:11.0459 3256        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:51:11.0490 3256        Parvdm - ok
15:51:11.0537 3256        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
15:51:11.0552 3256        pci - ok
15:51:11.0568 3256        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
15:51:11.0583 3256        pciide - ok
15:51:11.0661 3256        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:51:11.0677 3256        pcmcia - ok
15:51:11.0708 3256        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:51:11.0739 3256        pcw - ok
15:51:11.0817 3256        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:51:11.0880 3256        PEAUTH - ok
15:51:12.0067 3256        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:51:12.0114 3256        PptpMiniport - ok
15:51:12.0301 3256        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:51:12.0348 3256        Processor - ok
15:51:12.0551 3256        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:51:12.0597 3256        Psched - ok
15:51:12.0800 3256        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:51:12.0831 3256        ql2300 - ok
15:51:12.0972 3256        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:51:12.0987 3256        ql40xx - ok
15:51:13.0143 3256        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:51:13.0190 3256        QWAVEdrv - ok
15:51:13.0331 3256        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:51:13.0377 3256        RasAcd - ok
15:51:13.0518 3256        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:51:13.0580 3256        RasAgileVpn - ok
15:51:13.0689 3256        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:51:13.0752 3256        Rasl2tp - ok
15:51:13.0908 3256        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:51:13.0955 3256        RasPppoe - ok
15:51:14.0142 3256        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:51:14.0173 3256        RasSstp - ok
15:51:14.0345 3256        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
15:51:14.0407 3256        rdbss - ok
15:51:14.0501 3256        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:51:14.0547 3256        rdpbus - ok
15:51:14.0703 3256        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
15:51:14.0766 3256        RDPCDD - ok
15:51:14.0875 3256        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:51:14.0953 3256        RDPENCDD - ok
15:51:15.0078 3256        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:51:15.0109 3256        RDPREFMP - ok
15:51:15.0218 3256        RDPWD          (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
15:51:15.0281 3256        RDPWD - ok
15:51:15.0405 3256        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
15:51:15.0437 3256        rdyboost - ok
15:51:15.0530 3256        RimUsb          (0f6756ef8bda6dfa7be50465c83132bb) C:\windows\system32\Drivers\RimUsb.sys
15:51:15.0577 3256        RimUsb - ok
15:51:15.0686 3256        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:51:15.0749 3256        rspndr - ok
15:51:15.0842 3256        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
15:51:15.0873 3256        sbp2port - ok
15:51:16.0045 3256        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
15:51:16.0092 3256        scfilter - ok
15:51:16.0217 3256        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:51:16.0326 3256        secdrv - ok
15:51:16.0451 3256        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:51:16.0482 3256        Serenum - ok
15:51:16.0529 3256        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:51:16.0544 3256        Serial - ok
15:51:16.0653 3256        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:51:16.0685 3256        sermouse - ok
15:51:16.0794 3256        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
15:51:16.0825 3256        sffdisk - ok
15:51:16.0856 3256        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
15:51:16.0887 3256        sffp_mmc - ok
15:51:16.0965 3256        sffp_sd        (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
15:51:16.0997 3256        sffp_sd - ok
15:51:17.0012 3256        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:51:17.0043 3256        sfloppy - ok
15:51:17.0153 3256        Sftfs          (8f00cc8cacf83dce5b35079f615b0f12) C:\windows\system32\DRIVERS\Sftfslh.sys
15:51:17.0168 3256        Sftfs - ok
15:51:17.0293 3256        Sftplay        (afdb934586c4c8b2be39ae7eea6f52be) C:\windows\system32\DRIVERS\Sftplaylh.sys
15:51:17.0309 3256        Sftplay - ok
15:51:17.0324 3256        Sftredir        (6b1865d82e0290729ed7496c24275592) C:\windows\system32\DRIVERS\Sftredirlh.sys
15:51:17.0340 3256        Sftredir - ok
15:51:17.0418 3256        Sftvol          (621eccb1265a01ce2bdf6f2c5e727e2b) C:\windows\system32\DRIVERS\Sftvollh.sys
15:51:17.0433 3256        Sftvol - ok
15:51:17.0667 3256        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
15:51:17.0683 3256        sisagp - ok
15:51:17.0839 3256        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:51:17.0855 3256        SiSRaid2 - ok
15:51:17.0979 3256        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:51:17.0995 3256        SiSRaid4 - ok
15:51:18.0167 3256        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:51:18.0229 3256        Smb - ok
15:51:18.0525 3256        SNP2UVC        (060f51141b20b8156804446a04ab8b2a) C:\windows\system32\DRIVERS\snp2uvc.sys
15:51:18.0572 3256        SNP2UVC - ok
15:51:18.0697 3256        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:51:18.0713 3256        spldr - ok
15:51:18.0884 3256        srv            (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
15:51:18.0947 3256        srv - ok
15:51:19.0103 3256        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
15:51:19.0118 3256        srv2 - ok
15:51:19.0274 3256        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
15:51:19.0321 3256        srvnet - ok
15:51:19.0539 3256        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
15:51:19.0571 3256        ssmdrv - ok
15:51:19.0695 3256        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:51:19.0711 3256        stexstor - ok
15:51:19.0820 3256        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
15:51:19.0851 3256        swenum - ok
15:51:19.0929 3256        Tcpip          (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
15:51:19.0992 3256        Tcpip - ok
15:51:20.0148 3256        TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
15:51:20.0195 3256        TCPIP6 - ok
15:51:20.0304 3256        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
15:51:20.0351 3256        tcpipreg - ok
15:51:20.0475 3256        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
15:51:20.0522 3256        TDPIPE - ok
15:51:20.0616 3256        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
15:51:20.0678 3256        TDTCP - ok
15:51:20.0694 3256        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
15:51:20.0725 3256        tdx - ok
15:51:20.0834 3256        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
15:51:20.0850 3256        TermDD - ok
15:51:20.0975 3256        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
15:51:21.0037 3256        tssecsrv - ok
15:51:21.0224 3256        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
15:51:21.0287 3256        tunnel - ok
15:51:21.0474 3256        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:51:21.0489 3256        uagp35 - ok
15:51:21.0583 3256        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
15:51:21.0614 3256        udfs - ok
15:51:21.0786 3256        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
15:51:21.0801 3256        uliagpkx - ok
15:51:21.0864 3256        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
15:51:21.0911 3256        umbus - ok
15:51:22.0035 3256        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:51:22.0098 3256        UmPass - ok
15:51:22.0223 3256        usbccgp        (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
15:51:22.0238 3256        usbccgp - ok
15:51:22.0332 3256        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
15:51:22.0363 3256        usbcir - ok
15:51:22.0472 3256        usbehci        (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
15:51:22.0503 3256        usbehci - ok
15:51:22.0613 3256        usbhub          (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
15:51:22.0644 3256        usbhub - ok
15:51:22.0753 3256        usbohci        (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
15:51:22.0769 3256        usbohci - ok
15:51:22.0800 3256        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:51:22.0815 3256        usbprint - ok
15:51:22.0940 3256        USBSTOR        (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:51:22.0971 3256        USBSTOR - ok
15:51:23.0018 3256        usbuhci        (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys
15:51:23.0049 3256        usbuhci - ok
15:51:23.0143 3256        usbvideo        (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\System32\Drivers\usbvideo.sys
15:51:23.0174 3256        usbvideo - ok
15:51:23.0283 3256        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
15:51:23.0315 3256        vdrvroot - ok
15:51:23.0393 3256        vga            (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:51:23.0424 3256        vga - ok
15:51:23.0502 3256        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:51:23.0549 3256        VgaSave - ok
15:51:23.0611 3256        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
15:51:23.0627 3256        vhdmp - ok
15:51:23.0829 3256        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
15:51:23.0845 3256        viaagp - ok
15:51:23.0970 3256        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:51:24.0001 3256        ViaC7 - ok
15:51:24.0126 3256        VIAHdAudAddService (f6c19f00f10343af369f6251969e9047) C:\windows\system32\drivers\viahduaa.sys
15:51:24.0188 3256        VIAHdAudAddService - ok
15:51:24.0282 3256        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
15:51:24.0297 3256        viaide - ok
15:51:24.0313 3256        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
15:51:24.0329 3256        volmgr - ok
15:51:24.0360 3256        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:51:24.0375 3256        volmgrx - ok
15:51:24.0485 3256        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
15:51:24.0500 3256        volsnap - ok
15:51:24.0609 3256        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:51:24.0641 3256        vsmraid - ok
15:51:24.0672 3256        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:51:24.0703 3256        vwifibus - ok
15:51:24.0812 3256        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:51:24.0859 3256        vwififlt - ok
15:51:24.0953 3256        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:51:24.0984 3256        WacomPen - ok
15:51:25.0031 3256        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:51:25.0093 3256        WANARP - ok
15:51:25.0093 3256        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:51:25.0124 3256        Wanarpv6 - ok
15:51:25.0202 3256        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:51:25.0233 3256        Wd - ok
15:51:25.0265 3256        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:51:25.0296 3256        Wdf01000 - ok
15:51:25.0436 3256        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:51:25.0483 3256        WfpLwf - ok
15:51:25.0608 3256        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:51:25.0623 3256        WIMMount - ok
15:51:25.0842 3256        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
15:51:25.0904 3256        WinUsb - ok
15:51:26.0045 3256        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
15:51:26.0091 3256        WmiAcpi - ok
15:51:26.0263 3256        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:51:26.0294 3256        ws2ifsl - ok
15:51:26.0403 3256        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
15:51:26.0466 3256        WudfPf - ok
15:51:26.0559 3256        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
15:51:26.0622 3256        WUDFRd - ok
15:51:26.0684 3256        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:51:26.0778 3256        \Device\Harddisk0\DR0 - ok
15:51:26.0809 3256        MBR (0x1B8)    (17e9e7ca52a3da4e3a5b81c0a1b93922) \Device\Harddisk1\DR5
15:53:13.0373 3256        \Device\Harddisk1\DR5 - ok
15:53:13.0404 3256        Boot (0x1200)  (b7c28429e5c049b0169784c6c2c2881d) \Device\Harddisk0\DR0\Partition0
15:53:13.0404 3256        \Device\Harddisk0\DR0\Partition0 - ok
15:53:13.0404 3256        ============================================================
15:53:13.0404 3256        Scan finished
15:53:13.0404 3256        ============================================================
15:53:13.0435 2052        Detected object count: 0
15:53:13.0435 2052        Actual detected object count: 0

cosinus 12.02.2012 16:11
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

KazZk 13.02.2012 12:27
hier das CF log:

Code:
ComboFix 12-02-12.01 - Gilberto 13.02.2012  12:15:57.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3037.2049 [GMT 1:00]
ausgeführt von:: c:\users\Gilberto\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gilberto\4.0
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-13 bis 2012-02-13  ))))))))))))))))))))))))))))))
.
.
2012-02-13 11:22 . 2012-02-13 11:22        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-12 14:10 . 2012-02-12 14:10        --------        d-----w-        C:\_OTL
2012-02-09 16:21 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7096B073-7654-4BCC-90A4-AE19E3EBF38E}\mpengine.dll
2012-02-09 16:14 . 2012-02-09 16:14        --------        d-----w-        c:\program files\ESET
2012-02-02 13:25 . 2012-02-02 13:31        --------        d-----w-        c:\users\Gilberto\.tfo4
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2010-10-21 12:45        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2011-04-19 00:53        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23 . 2011-12-15 13:36        2340352        ----a-w-        c:\windows\system32\win32k.sys
2011-11-19 14:06 . 2012-01-11 23:02        67072        ----a-w-        c:\windows\system32\packager.dll
2011-11-17 05:48 . 2012-01-14 03:35        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:48 . 2012-01-14 03:35        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2011-11-17 05:42 . 2012-01-14 03:35        369352        ----a-w-        c:\windows\system32\drivers\cng.sys
2011-11-17 05:41 . 2012-01-11 23:02        1288984        ----a-w-        c:\windows\system32\ntdll.dll
2011-11-17 05:39 . 2012-01-14 03:35        314368        ----a-w-        c:\windows\system32\webio.dll
2011-11-17 05:39 . 2012-01-14 03:35        99840        ----a-w-        c:\windows\system32\sspicli.dll
2011-11-17 05:39 . 2012-01-14 03:35        15360        ----a-w-        c:\windows\system32\sspisrv.dll
2011-11-17 05:39 . 2012-01-14 03:35        224768        ----a-w-        c:\windows\system32\schannel.dll
2011-11-17 05:39 . 2012-01-14 03:35        22016        ----a-w-        c:\windows\system32\secur32.dll
2011-11-17 05:38 . 2012-01-14 03:35        1037312        ----a-w-        c:\windows\system32\lsasrv.dll
2011-11-17 05:36 . 2012-01-14 03:35        22528        ----a-w-        c:\windows\system32\lsass.exe
2011-11-27 11:08 . 2011-05-11 17:15        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-09-01 233472]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07        932288        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-14 20:34        1086760        ----a-w-        c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07        2260480        --sha-r-        c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-30 19:31        1242448        ----a-w-        c:\program files\Steam\Steam.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 27136]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 29529008
*NewlyCreated* - 71440135
*Deregistered* - 29529008
*Deregistered* - 71440135
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-03 08:55]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-03 08:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://nmd.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Gilberto\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Gilberto\AppData\Roaming\Mozilla\Firefox\Profiles\12vgrl5m.default\
FF - prefs.js: browser.startup.homepage - www.web.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1723137728-4224196469-615314354-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:47,b5,6e,7e,84,cc,f5,10,6e,53,80,b2,f8,6f,28,7c,9f,43,8b,96,f8,d4,25,
  08,d2,de,d8,08,c7,31,ae,fc,a8,01,04,d4,d3,4b,d6,86,e0,f0,55,92,95,7a,3e,58,\
"??"=hex:bf,58,93,bd,da,24,13,ce,36,a9,00,da,dd,94,de,a2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-13  12:24:28
ComboFix-quarantined-files.txt  2012-02-13 11:24
.
Vor Suchlauf: 15 Verzeichnis(se), 143.611.633.664 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 143.729.078.272 Bytes frei
.
- - End Of File - - 627EEEF2AD2A3E6DFC3D354C77B69CBC

cosinus 13.02.2012 13:15
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:57 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129