Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Malware or false alarm? (https://www.trojaner-board.de/111461-malware-fehlalarm.html)

gohannes 16.03.2012 17:15

Code:

17:13:09.0480 1032        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
17:13:09.0620 1032        ============================================================
17:13:09.0620 1032        Current date / time: 2012/03/16 17:13:09.0620
17:13:09.0620 1032        SystemInfo:
17:13:09.0620 1032       
17:13:09.0620 1032        OS Version: 6.1.7601 ServicePack: 1.0
17:13:09.0620 1032        Product type: Workstation
17:13:09.0620 1032        ComputerName: JOHANNES-PC
17:13:09.0620 1032        UserName: Johannes
17:13:09.0620 1032        Windows directory: C:\Windows
17:13:09.0620 1032        System windows directory: C:\Windows
17:13:09.0620 1032        Running under WOW64
17:13:09.0620 1032        Processor architecture: Intel x64
17:13:09.0620 1032        Number of processors: 4
17:13:09.0620 1032        Page size: 0x1000
17:13:09.0620 1032        Boot type: Normal boot
17:13:09.0620 1032        ============================================================
17:13:10.0090 1032        Drive \Device\Harddisk0\DR0 - Size: 0xE8DCDB0000 (931.45 Gb), SectorSize: 0x200, Cylinders: 0x1DAF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:10.0110 1032        \Device\Harddisk0\DR0:
17:13:10.0110 1032        MBR used
17:13:10.0110 1032        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
17:13:10.0110 1032        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x395BD000
17:13:10.0110 1032        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B147817, BlocksNum 0x3959EBA2
17:13:10.0150 1032        Initialize success
17:13:10.0150 1032        ============================================================
17:13:45.0085 1756        ============================================================
17:13:45.0085 1756        Scan started
17:13:45.0085 1756        Mode: Manual; SigCheck; TDLFS;
17:13:45.0085 1756        ============================================================
17:13:45.0365 1756        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:13:45.0415 1756        1394ohci - ok
17:13:45.0445 1756        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:13:45.0455 1756        ACPI - ok
17:13:45.0475 1756        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:13:45.0515 1756        AcpiPmi - ok
17:13:45.0565 1756        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:13:45.0575 1756        adp94xx - ok
17:13:45.0585 1756        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:13:45.0605 1756        adpahci - ok
17:13:45.0615 1756        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:13:45.0615 1756        adpu320 - ok
17:13:45.0675 1756        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:13:45.0735 1756        AFD - ok
17:13:45.0755 1756        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:13:45.0755 1756        agp440 - ok
17:13:45.0785 1756        ahcix64s        (367bb1682a128ddf23182b370769771e) C:\Windows\system32\DRIVERS\ahcix64s.sys
17:13:45.0815 1756        ahcix64s - ok
17:13:45.0845 1756        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:13:45.0855 1756        aliide - ok
17:13:45.0875 1756        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:13:45.0885 1756        amdide - ok
17:13:45.0905 1756        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:13:45.0935 1756        AmdK8 - ok
17:13:45.0955 1756        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:13:45.0975 1756        AmdPPM - ok
17:13:46.0005 1756        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:13:46.0015 1756        amdsata - ok
17:13:46.0035 1756        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:13:46.0045 1756        amdsbs - ok
17:13:46.0065 1756        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:13:46.0065 1756        amdxata - ok
17:13:46.0125 1756        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:13:46.0205 1756        AppID - ok
17:13:46.0255 1756        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:13:46.0285 1756        arc - ok
17:13:46.0295 1756        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:13:46.0305 1756        arcsas - ok
17:13:46.0325 1756        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:13:46.0375 1756        AsyncMac - ok
17:13:46.0395 1756        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:13:46.0405 1756        atapi - ok
17:13:46.0425 1756        AtiPcie        (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:13:46.0425 1756        AtiPcie - ok
17:13:46.0495 1756        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
17:13:46.0505 1756        avgntflt - ok
17:13:46.0535 1756        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
17:13:46.0545 1756        avipbb - ok
17:13:46.0585 1756        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
17:13:46.0595 1756        avkmgr - ok
17:13:46.0635 1756        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:13:46.0695 1756        b06bdrv - ok
17:13:46.0715 1756        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:13:46.0755 1756        b57nd60a - ok
17:13:46.0795 1756        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:13:46.0845 1756        Beep - ok
17:13:46.0885 1756        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:13:46.0895 1756        blbdrive - ok
17:13:46.0935 1756        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:13:46.0955 1756        bowser - ok
17:13:46.0955 1756        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:13:46.0975 1756        BrFiltLo - ok
17:13:46.0975 1756        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:13:46.0995 1756        BrFiltUp - ok
17:13:47.0015 1756        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:13:47.0045 1756        Brserid - ok
17:13:47.0055 1756        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:13:47.0075 1756        BrSerWdm - ok
17:13:47.0085 1756        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:13:47.0105 1756        BrUsbMdm - ok
17:13:47.0115 1756        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:13:47.0135 1756        BrUsbSer - ok
17:13:47.0145 1756        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:13:47.0155 1756        BTHMODEM - ok
17:13:47.0185 1756        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:13:47.0215 1756        cdfs - ok
17:13:47.0235 1756        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:13:47.0245 1756        cdrom - ok
17:13:47.0265 1756        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:13:47.0295 1756        circlass - ok
17:13:47.0315 1756        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:13:47.0335 1756        CLFS - ok
17:13:47.0355 1756        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:13:47.0365 1756        CmBatt - ok
17:13:47.0385 1756        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:13:47.0385 1756        cmdide - ok
17:13:47.0435 1756        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:13:47.0485 1756        CNG - ok
17:13:47.0495 1756        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:13:47.0505 1756        Compbatt - ok
17:13:47.0545 1756        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:13:47.0585 1756        CompositeBus - ok
17:13:47.0605 1756        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:13:47.0615 1756        crcdisk - ok
17:13:47.0685 1756        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:13:47.0725 1756        DfsC - ok
17:13:47.0735 1756        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:13:47.0765 1756        discache - ok
17:13:47.0785 1756        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:13:47.0785 1756        Disk - ok
17:13:47.0825 1756        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:13:47.0855 1756        drmkaud - ok
17:13:47.0915 1756        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:13:47.0945 1756        DXGKrnl - ok
17:13:47.0955 1756        EagleX64 - ok
17:13:48.0045 1756        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:13:48.0155 1756        ebdrv - ok
17:13:48.0195 1756        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:13:48.0205 1756        elxstor - ok
17:13:48.0225 1756        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:13:48.0255 1756        ErrDev - ok
17:13:48.0265 1756        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:13:48.0295 1756        exfat - ok
17:13:48.0315 1756        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:13:48.0355 1756        fastfat - ok
17:13:48.0365 1756        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:13:48.0395 1756        fdc - ok
17:13:48.0405 1756        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:13:48.0415 1756        FileInfo - ok
17:13:48.0435 1756        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:13:48.0475 1756        Filetrace - ok
17:13:48.0485 1756        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:13:48.0495 1756        flpydisk - ok
17:13:48.0535 1756        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:13:48.0565 1756        FltMgr - ok
17:13:48.0595 1756        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:13:48.0605 1756        FsDepends - ok
17:13:48.0615 1756        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:13:48.0625 1756        Fs_Rec - ok
17:13:48.0675 1756        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:13:48.0695 1756        fvevol - ok
17:13:48.0705 1756        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:13:48.0715 1756        gagp30kx - ok
17:13:48.0775 1756        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:13:48.0795 1756        GEARAspiWDM - ok
17:13:48.0865 1756        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
17:13:48.0875 1756        hamachi - ok
17:13:48.0885 1756        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:13:48.0925 1756        hcw85cir - ok
17:13:48.0966 1756        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:13:48.0976 1756        HdAudAddService - ok
17:13:49.0006 1756        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:13:49.0036 1756        HDAudBus - ok
17:13:49.0056 1756        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:13:49.0086 1756        HidBatt - ok
17:13:49.0096 1756        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:13:49.0126 1756        HidBth - ok
17:13:49.0136 1756        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:13:49.0166 1756        HidIr - ok
17:13:49.0176 1756        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:13:49.0206 1756        HidUsb - ok
17:13:49.0246 1756        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:13:49.0266 1756        HpSAMD - ok
17:13:49.0316 1756        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:13:49.0406 1756        HTTP - ok
17:13:49.0446 1756        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:13:49.0456 1756        hwpolicy - ok
17:13:49.0496 1756        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:13:49.0506 1756        i8042prt - ok
17:13:49.0556 1756        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:13:49.0576 1756        iaStorV - ok
17:13:49.0596 1756        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:13:49.0616 1756        iirsp - ok
17:13:49.0726 1756        IntcAzAudAddService (6feceb88cbb6e761e9194f5711f02102) C:\Windows\system32\drivers\RTKVHD64.sys
17:13:49.0756 1756        IntcAzAudAddService - ok
17:13:49.0776 1756        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:13:49.0786 1756        intelide - ok
17:13:49.0796 1756        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:13:49.0816 1756        intelppm - ok
17:13:49.0876 1756        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:13:49.0946 1756        IpFilterDriver - ok
17:13:49.0966 1756        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:13:50.0006 1756        IPMIDRV - ok
17:13:50.0016 1756        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:13:50.0076 1756        IPNAT - ok
17:13:50.0106 1756        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:13:50.0206 1756        IRENUM - ok
17:13:50.0226 1756        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:13:50.0236 1756        isapnp - ok
17:13:50.0266 1756        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:13:50.0276 1756        iScsiPrt - ok
17:13:50.0306 1756        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:13:50.0306 1756        kbdclass - ok
17:13:50.0316 1756        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:13:50.0326 1756        kbdhid - ok
17:13:50.0376 1756        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:13:50.0376 1756        KSecDD - ok
17:13:50.0426 1756        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:13:50.0456 1756        KSecPkg - ok
17:13:50.0476 1756        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:13:50.0526 1756        ksthunk - ok
17:13:50.0556 1756        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:13:50.0586 1756        lltdio - ok
17:13:50.0606 1756        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:13:50.0616 1756        LSI_FC - ok
17:13:50.0626 1756        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:13:50.0636 1756        LSI_SAS - ok
17:13:50.0646 1756        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:13:50.0646 1756        LSI_SAS2 - ok
17:13:50.0656 1756        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:13:50.0666 1756        LSI_SCSI - ok
17:13:50.0676 1756        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:13:50.0716 1756        luafv - ok
17:13:50.0776 1756        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
17:13:50.0796 1756        MBAMProtector - ok
17:13:50.0816 1756        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:13:50.0826 1756        megasas - ok
17:13:50.0836 1756        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:13:50.0856 1756        MegaSR - ok
17:13:50.0866 1756        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:13:50.0906 1756        Modem - ok
17:13:50.0916 1756        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:13:50.0926 1756        monitor - ok
17:13:50.0946 1756        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:13:50.0946 1756        mouclass - ok
17:13:50.0966 1756        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:13:50.0976 1756        mouhid - ok
17:13:51.0016 1756        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:13:51.0036 1756        mountmgr - ok
17:13:51.0056 1756        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:13:51.0076 1756        mpio - ok
17:13:51.0086 1756        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:13:51.0126 1756        mpsdrv - ok
17:13:51.0166 1756        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:13:51.0246 1756        MRxDAV - ok
17:13:51.0276 1756        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:13:51.0296 1756        mrxsmb - ok
17:13:51.0316 1756        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:13:51.0336 1756        mrxsmb10 - ok
17:13:51.0366 1756        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:13:51.0376 1756        mrxsmb20 - ok
17:13:51.0396 1756        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:13:51.0406 1756        msahci - ok
17:13:51.0436 1756        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:13:51.0446 1756        msdsm - ok
17:13:51.0466 1756        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:13:51.0496 1756        Msfs - ok
17:13:51.0516 1756        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:13:51.0546 1756        mshidkmdf - ok
17:13:51.0566 1756        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:13:51.0576 1756        msisadrv - ok
17:13:51.0616 1756        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:13:51.0646 1756        MSKSSRV - ok
17:13:51.0656 1756        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:13:51.0686 1756        MSPCLOCK - ok
17:13:51.0696 1756        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:13:51.0726 1756        MSPQM - ok
17:13:51.0756 1756        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:13:51.0766 1756        MsRPC - ok
17:13:51.0796 1756        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:13:51.0806 1756        mssmbios - ok
17:13:51.0816 1756        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:13:51.0856 1756        MSTEE - ok
17:13:51.0866 1756        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:13:51.0886 1756        MTConfig - ok
17:13:51.0886 1756        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:13:51.0896 1756        Mup - ok
17:13:51.0926 1756        mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
17:13:51.0936 1756        mwlPSDFilter - ok
17:13:51.0956 1756        mwlPSDNServ    (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
17:13:51.0966 1756        mwlPSDNServ - ok
17:13:51.0986 1756        mwlPSDVDisk    (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
17:13:51.0986 1756        mwlPSDVDisk - ok
17:13:52.0026 1756        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:13:52.0056 1756        NativeWifiP - ok
17:13:52.0116 1756        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:13:52.0166 1756        NDIS - ok
17:13:52.0186 1756        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:13:52.0216 1756        NdisCap - ok
17:13:52.0226 1756        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:13:52.0256 1756        NdisTapi - ok
17:13:52.0296 1756        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:13:52.0316 1756        Ndisuio - ok
17:13:52.0356 1756        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:13:52.0386 1756        NdisWan - ok
17:13:52.0416 1756        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:13:52.0476 1756        NDProxy - ok
17:13:52.0486 1756        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:13:52.0526 1756        NetBIOS - ok
17:13:52.0556 1756        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:13:52.0586 1756        NetBT - ok
17:13:52.0626 1756        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:13:52.0636 1756        nfrd960 - ok
17:13:52.0656 1756        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:13:52.0686 1756        Npfs - ok
17:13:52.0696 1756        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:13:52.0736 1756        nsiproxy - ok
17:13:52.0806 1756        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:13:52.0866 1756        Ntfs - ok
17:13:52.0876 1756        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:13:52.0946 1756        Null - ok
17:13:53.0256 1756        nvlddmkm        (4628fa8f0cc0d509bc14a223e99d36f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:13:53.0416 1756        nvlddmkm - ok
17:13:53.0456 1756        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:13:53.0466 1756        nvraid - ok
17:13:53.0496 1756        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:13:53.0506 1756        nvstor - ok
17:13:53.0536 1756        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:13:53.0546 1756        nv_agp - ok
17:13:53.0566 1756        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:13:53.0586 1756        ohci1394 - ok
17:13:53.0666 1756        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:13:53.0686 1756        Parport - ok
17:13:53.0696 1756        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:13:53.0716 1756        partmgr - ok
17:13:53.0746 1756        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:13:53.0756 1756        pci - ok
17:13:53.0786 1756        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:13:53.0786 1756        pciide - ok
17:13:53.0816 1756        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:13:53.0826 1756        pcmcia - ok
17:13:53.0846 1756        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:13:53.0846 1756        pcw - ok
17:13:53.0866 1756        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:13:53.0926 1756        PEAUTH - ok
17:13:54.0016 1756        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:13:54.0096 1756        PptpMiniport - ok
17:13:54.0116 1756        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:13:54.0126 1756        Processor - ok
17:13:54.0176 1756        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:13:54.0266 1756        Psched - ok
17:13:54.0316 1756        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:13:54.0386 1756        ql2300 - ok
17:13:54.0406 1756        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:13:54.0416 1756        ql40xx - ok
17:13:54.0436 1756        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:13:54.0466 1756        QWAVEdrv - ok
17:13:54.0486 1756        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:13:54.0526 1756        RasAcd - ok
17:13:54.0546 1756        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:13:54.0576 1756        RasAgileVpn - ok
17:13:54.0616 1756        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:13:54.0706 1756        Rasl2tp - ok
17:13:54.0716 1756        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:13:54.0766 1756        RasPppoe - ok
17:13:54.0776 1756        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:13:54.0816 1756        RasSstp - ok
17:13:54.0846 1756        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:13:54.0876 1756        rdbss - ok
17:13:54.0886 1756        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:13:54.0906 1756        rdpbus - ok
17:13:54.0926 1756        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:13:54.0966 1756        RDPCDD - ok
17:13:54.0986 1756        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:13:55.0056 1756        RDPENCDD - ok
17:13:55.0066 1756        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:13:55.0096 1756        RDPREFMP - ok
17:13:55.0136 1756        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:13:55.0176 1756        RDPWD - ok
17:13:55.0216 1756        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:13:55.0246 1756        rdyboost - ok
17:13:55.0276 1756        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:13:55.0306 1756        rspndr - ok
17:13:55.0336 1756        RTL8167        (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:13:55.0346 1756        RTL8167 - ok
17:13:55.0376 1756        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:13:55.0386 1756        sbp2port - ok
17:13:55.0426 1756        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:13:55.0496 1756        scfilter - ok
17:13:55.0516 1756        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:13:55.0546 1756        secdrv - ok
17:13:55.0566 1756        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:13:55.0586 1756        Serenum - ok
17:13:55.0616 1756        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:13:55.0636 1756        Serial - ok
17:13:55.0656 1756        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:13:55.0676 1756        sermouse - ok
17:13:55.0716 1756        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:13:55.0756 1756        sffdisk - ok
17:13:55.0776 1756        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:13:55.0796 1756        sffp_mmc - ok
17:13:55.0806 1756        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:13:55.0836 1756        sffp_sd - ok
17:13:55.0856 1756        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:13:55.0876 1756        sfloppy - ok
17:13:55.0946 1756        Sftfs          (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:13:55.0996 1756        Sftfs - ok
17:13:56.0036 1756        Sftplay        (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:13:56.0046 1756        Sftplay - ok
17:13:56.0066 1756        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:13:56.0076 1756        Sftredir - ok
17:13:56.0086 1756        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:13:56.0086 1756        Sftvol - ok
17:13:56.0106 1756        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:13:56.0116 1756        SiSRaid2 - ok
17:13:56.0136 1756        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:13:56.0146 1756        SiSRaid4 - ok
17:13:56.0156 1756        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:13:56.0206 1756        Smb - ok
17:13:56.0226 1756        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:13:56.0236 1756        spldr - ok
17:13:56.0276 1756        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:13:56.0286 1756        srv - ok
17:13:56.0306 1756        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:13:56.0326 1756        srv2 - ok
17:13:56.0346 1756        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:13:56.0356 1756        srvnet - ok
17:13:56.0386 1756        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:13:56.0396 1756        stexstor - ok
17:13:56.0416 1756        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:13:56.0426 1756        swenum - ok
17:13:56.0496 1756        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:13:56.0546 1756        Tcpip - ok
17:13:56.0586 1756        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:13:56.0616 1756        TCPIP6 - ok
17:13:56.0636 1756        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:13:56.0696 1756        tcpipreg - ok
17:13:56.0726 1756        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:13:56.0736 1756        TDPIPE - ok
17:13:56.0766 1756        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:13:56.0806 1756        TDTCP - ok
17:13:56.0836 1756        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:13:56.0906 1756        tdx - ok
17:13:56.0926 1756        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:13:56.0936 1756        TermDD - ok
17:13:56.0976 1756        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:13:57.0016 1756        tssecsrv - ok
17:13:57.0056 1756        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:13:57.0086 1756        TsUsbFlt - ok
17:13:57.0146 1756        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:13:57.0216 1756        tunnel - ok
17:13:57.0226 1756        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:13:57.0226 1756        uagp35 - ok
17:13:57.0266 1756        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:13:57.0306 1756        udfs - ok
17:13:57.0336 1756        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:13:57.0336 1756        uliagpkx - ok
17:13:57.0366 1756        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:13:57.0396 1756        umbus - ok
17:13:57.0406 1756        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:13:57.0426 1756        UmPass - ok
17:13:57.0496 1756        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:13:57.0526 1756        usbaudio - ok
17:13:57.0556 1756        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:13:57.0566 1756        usbccgp - ok
17:13:57.0606 1756        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:13:57.0626 1756        usbcir - ok
17:13:57.0646 1756        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:13:57.0656 1756        usbehci - ok
17:13:57.0686 1756        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:13:57.0706 1756        usbhub - ok
17:13:57.0726 1756        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:13:57.0746 1756        usbohci - ok
17:13:57.0766 1756        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:13:57.0786 1756        usbprint - ok
17:13:57.0816 1756        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:13:57.0826 1756        USBSTOR - ok
17:13:57.0846 1756        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:13:57.0856 1756        usbuhci - ok
17:13:57.0866 1756        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:13:57.0876 1756        vdrvroot - ok
17:13:57.0886 1756        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:13:57.0896 1756        vga - ok
17:13:57.0926 1756        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:13:57.0956 1756        VgaSave - ok
17:13:58.0007 1756        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:13:58.0037 1756        vhdmp - ok
17:13:58.0177 1756        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:13:58.0207 1756        viaide - ok
17:13:58.0247 1756        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:13:58.0267 1756        volmgr - ok
17:13:58.0307 1756        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:13:58.0337 1756        volmgrx - ok
17:13:58.0357 1756        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:13:58.0377 1756        volsnap - ok
17:13:58.0407 1756        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:13:58.0417 1756        vsmraid - ok
17:13:58.0447 1756        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:13:58.0467 1756        vwifibus - ok
17:13:58.0477 1756        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:13:58.0507 1756        WacomPen - ok
17:13:58.0527 1756        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:13:58.0547 1756        WANARP - ok
17:13:58.0557 1756        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:13:58.0577 1756        Wanarpv6 - ok
17:13:58.0597 1756        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:13:58.0607 1756        Wd - ok
17:13:58.0627 1756        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:13:58.0647 1756        Wdf01000 - ok
17:13:58.0677 1756        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:13:58.0697 1756        WfpLwf - ok
17:13:58.0707 1756        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:13:58.0717 1756        WIMMount - ok
17:13:58.0757 1756        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:13:58.0767 1756        WmiAcpi - ok
17:13:58.0787 1756        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:13:58.0817 1756        ws2ifsl - ok
17:13:58.0867 1756        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:13:58.0927 1756        WudfPf - ok
17:13:58.0947 1756        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:13:58.0987 1756        WUDFRd - ok
17:13:59.0047 1756        xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
17:13:59.0087 1756        xusb21 - ok
17:13:59.0117 1756        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:13:59.0317 1756        \Device\Harddisk0\DR0 - ok
17:13:59.0337 1756        Boot (0x1200)  (b57f793d31ccf623b804a8d8d8da0edc) \Device\Harddisk0\DR0\Partition0
17:13:59.0337 1756        \Device\Harddisk0\DR0\Partition0 - ok
17:13:59.0347 1756        Boot (0x1200)  (09820334e27fb3be82cfe56c5bea0b8b) \Device\Harddisk0\DR0\Partition1
17:13:59.0347 1756        \Device\Harddisk0\DR0\Partition1 - ok
17:13:59.0377 1756        Boot (0x1200)  (a3dc52930d3484542bfad31a12e6f044) \Device\Harddisk0\DR0\Partition2
17:13:59.0377 1756        \Device\Harddisk0\DR0\Partition2 - ok
17:13:59.0377 1756        ============================================================
17:13:59.0377 1756        Scan finished
17:13:59.0377 1756        ============================================================
17:13:59.0387 5040        Detected object count: 0
17:13:59.0387 5040        Actual detected object count: 0

Sorry for my ignorance. Can you already estimate what state the system is in?

cosinus 16.03.2012 17:18

There could still be something on it.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

gohannes 16.03.2012 17:41

Combofix Logfile:
Code:

ComboFix 12-03-16.03 - Johannes 16.03.2012  17:25:40.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8176.6596 [GMT 1:00]
ausgeführt von:: c:\users\Johannes\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-16 bis 2012-03-16  ))))))))))))))))))))))))))))))
.
.
2012-03-16 14:19 . 2012-03-16 14:19        --------        d-----w-        C:\_OTL
2012-03-16 14:19 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5897B5C5-5F63-4952-9DA4-B3CD46DF5EB2}\mpengine.dll
2012-03-14 19:33 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 19:33 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 19:33 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:24 . 2012-03-14 17:24        --------        d-----w-        c:\program files (x86)\ESET
2012-03-14 14:37 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 14:37 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 14:37 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 14:36 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 14:36 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:36 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:36 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 14:36 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 14:36 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:36 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:37 . 2012-03-13 20:37        --------        d-----w-        c:\users\Johannes\AppData\Roaming\Malwarebytes
2012-03-13 20:37 . 2012-03-13 20:37        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-13 20:37 . 2012-03-13 20:37        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 20:37 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-12 13:24 . 2012-03-12 13:26        --------        d-----w-        c:\users\Johannes\AppData\Roaming\Apple Computer
2012-03-12 13:24 . 2012-03-12 13:24        --------        d-----w-        c:\users\Johannes\AppData\Local\Apple Computer
2012-03-12 13:23 . 2012-03-12 13:23        --------        dc----w-        c:\windows\system32\DRVSTORE
2012-03-12 13:22 . 2012-03-12 13:22        --------        d-----w-        c:\programdata\Apple
2012-03-11 16:31 . 2012-03-13 22:23        --------        d-----w-        c:\programdata\SecTaskMan
2012-03-11 16:31 . 2012-03-11 16:31        --------        d-----w-        c:\program files (x86)\Security Task Manager
2012-03-08 17:10 . 2012-03-08 17:10        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-03-08 17:10 . 2012-03-08 17:10        476904        ----a-w-        c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-08 17:10 . 2012-03-08 17:10        --------        d-----w-        c:\program files (x86)\Java
2012-03-07 16:54 . 2012-03-07 16:54        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-02-29 14:21 . 2012-02-29 14:21        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-02-19 15:55 . 2012-02-19 15:55        --------        d-----w-        c:\programdata\Nexon
2012-02-19 14:06 . 2012-02-19 15:54        --------        d-----w-        C:\Download
2012-02-19 14:05 . 2012-02-19 15:52        --------        d-----w-        C:\Nexon
2012-02-19 14:05 . 2012-02-19 14:05        446464        ----a-w-        c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-02-19 14:05 . 2012-02-19 14:05        235        ----a-w-        c:\windows\SysWow64\nxEuUninstall.bat
2012-02-16 14:57 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-16 14:57 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-02-16 14:57 . 2011-12-30 06:26        515584        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-16 14:57 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2012-02-16 14:57 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-02-16 14:57 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-16 14:57 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 17:10 . 2011-08-17 16:53        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2011-08-17 16:44        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-21 14:50 . 2011-08-17 16:36        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 16:56 . 2011-10-20 10:55        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-29 17:21 . 2011-09-05 15:06        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2011-12-29 17:21 . 2011-09-05 15:06        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2011-12-29 17:21 . 2011-09-05 15:06        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2011-12-29 17:21 . 2011-09-05 15:06        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-17 1242448]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-10 127040]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-02-19 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-04-15 124136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 135664]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 15:06]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 15:06]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820378941-3440087322-173894445-1000Core.job
- c:\users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 19:29]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820378941-3440087322-173894445-1000UA.job
- c:\users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 19:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\wll5mwhn.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-16  17:36:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-16 16:36
.
Vor Suchlauf: 12 Verzeichnis(se), 341.504.086.016 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 341.126.897.664 Bytes frei
.
- - End Of File - - 72DBC12D0FAD0A55196E213ACF54C241

--- --- ---

cosinus 16.03.2012 18:29

Please download aswMBR.exe and save the file on your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log on the desktop.
Post the aswMBR.txt in your next reply.
Important: Under no circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

gohannes 16.03.2012 18:40

Code:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-16 18:30:22
-----------------------------
18:30:22.617    OS Version: Windows x64 6.1.7601 Service Pack 1
18:30:22.617    Number of processors: 4 586 0x502
18:30:22.617    ComputerName: JOHANNES-PC  UserName: Johannes
18:30:24.910    Initialize success
18:33:23.959    AVAST engine defs: 12031600
18:33:30.448    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
18:33:30.464    Disk 0 Vendor: WDC_____ 80.0 Size: 953805MB BusType: 8
18:33:30.480    Disk 0 MBR read successfully
18:33:30.480    Disk 0 MBR scan
18:33:30.480    Disk 0 Windows 7 default MBR code
18:33:30.495    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        14000 MB offset 2048
18:33:30.511    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 28674048
18:33:30.542    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      469882 MB offset 28878848
18:33:30.558    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      469821 MB offset 991197207
18:33:30.604    Disk 0 scanning C:\Windows\system32\drivers
18:33:38.935    Service scanning
18:33:55.486    Modules scanning
18:33:55.502    Disk 0 trace - called modules:
18:33:55.533    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
18:33:55.533    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082a4060]
18:33:55.533    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80078e09c0]
18:33:57.920    AVAST engine scan C:\Windows
18:34:01.945    AVAST engine scan C:\Windows\system32
18:36:23.952    AVAST engine scan C:\Windows\system32\drivers
18:36:35.059    AVAST engine scan C:\Users\Johannes
18:38:24.822    AVAST engine scan C:\ProgramData
18:38:58.128    Scan finished successfully
18:39:08.206    Disk 0 MBR has been saved successfully to "C:\Users\Johannes\Desktop\MBR.dat"
18:39:08.206    The log file has been saved successfully to "C:\Users\Johannes\Desktop\aswMBR.txt"


cosinus 16.03.2012 19:13

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

gohannes 16.03.2012 20:54

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/16/2012 at 08:49 PM

Application Version : 5.0.1146

Core Rules Database Version : 8344
Trace Rules Database Version: 6156

Scan type      : Complete Scan
Total Scan Time : 01:24:08

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 612
Memory threats detected  : 0
Registry items scanned    : 64772
Registry threats detected : 0
File items scanned        : 182225
File threats detected    : 130

Adware.Tracking Cookie

One of the two has just finished.. Cookies for the whole team, by the looks of it :)
Malwarebytes to follow!

gohannes 16.03.2012 21:42

Code:


Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Johannes :: JOHANNES-PC [Administrator]

Schutz: Aktiviert

16.03.2012 20:56:41
mbam-log-2012-03-16 (20-56-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 374275
Laufzeit: 43 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And here comes that one too. How does it look, master? May I be released back into the world of the internets? :)

cosinus 17.03.2012 14:25

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Is your system back in order now, or are there any other findings or problems?

gohannes 17.03.2012 14:27

No. Everything is fine! Thanks for the help.. You are my heroes!

cosinus 17.03.2012 15:29

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first.

Finally, please check your updates; my guide for this is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, you should also change as many of your passwords as possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Updating the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

