Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung", thread "Ein neuer Fall von TR\Crypt.XPACK.Gen.3" (https://www.trojaner-board.de/111816-neuer-fall-tr-crypt-xpack-gen-3-a.html)

Beagles 19.03.2012 02:17

A new case of TR\Crypt.XPACK.Gen.3
 
Hello,
my system (Windows 7, 64-bit) was infected with the above-mentioned virus.
Avira Antivirus found it and tried to delete it.
Under Events, Avira shows:
Code:

In the file 'C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe'
a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan] was found.
Action performed: Deny access

directly afterwards:
Code:

In the file 'C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe'
a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan] was found.
Action performed: Passed to scanner

and after a short scan:
Code:

The file 'C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan].
Action(s) performed:
A backup copy was created under the name 4aa0f835.qua ( QUARANTINE ).
The file was moved to the quarantine directory under the name '5237d7ea.qua'!

Under Reports, the scan report reads as follows:
Code:

Avira Free Antivirus
Report file created: Sunday, 18 March 2012  22:35
 
Scanning for 3569307 virus strains.
 
The program is running as an unrestricted full version.
Online services are available.
 
Licensee       : Avira AntiVir Personal - Free Antivirus
Serial number  : 0000149996-ADJIE-0000001
Platform       : Windows 7 x64
Windows version: (Service Pack 1)  [6.1.7601]
Boot mode      : Normally booted
User name      : SYSTEM
Computer name  : MYOHO
 
Version information:
BUILD.DAT      : 12.0.0.898    41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE    : 12.1.0.20    492496 Bytes  15.02.2012 10:09:21
AVSCAN.DLL    : 12.1.0.18      65744 Bytes  15.02.2012 10:09:20
LUKE.DLL      : 12.1.0.19      68304 Bytes  15.02.2012 10:09:22
AVSCPLR.DLL    : 12.1.0.22    100048 Bytes  15.02.2012 10:09:23
AVREG.DLL      : 12.1.0.29    228048 Bytes  15.02.2012 10:09:23
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 21:10:45
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 20:30:49
VBASE004.VDF  : 7.11.21.239    2048 Bytes  01.02.2012 20:31:07
VBASE005.VDF  : 7.11.21.240    2048 Bytes  01.02.2012 20:31:34
VBASE006.VDF  : 7.11.21.241    2048 Bytes  01.02.2012 20:31:49
VBASE007.VDF  : 7.11.21.242    2048 Bytes  01.02.2012 20:32:11
VBASE008.VDF  : 7.11.21.243    2048 Bytes  01.02.2012 20:32:33
VBASE009.VDF  : 7.11.21.244    2048 Bytes  01.02.2012 20:32:54
VBASE010.VDF  : 7.11.21.245    2048 Bytes  01.02.2012 20:34:35
VBASE011.VDF  : 7.11.21.246    2048 Bytes  01.02.2012 20:34:35
VBASE012.VDF  : 7.11.21.247    2048 Bytes  01.02.2012 20:34:35
VBASE013.VDF  : 7.11.22.33  1486848 Bytes  03.02.2012 05:23:57
VBASE014.VDF  : 7.11.22.56    687616 Bytes  03.02.2012 05:23:58
VBASE015.VDF  : 7.11.22.92    178176 Bytes  06.02.2012 08:59:28
VBASE016.VDF  : 7.11.22.154  144896 Bytes  08.02.2012 09:00:00
VBASE017.VDF  : 7.11.22.220  183296 Bytes  13.02.2012 10:09:15
VBASE018.VDF  : 7.11.23.34    202752 Bytes  15.02.2012 10:21:15
VBASE019.VDF  : 7.11.23.98    126464 Bytes  17.02.2012 15:18:21
VBASE020.VDF  : 7.11.23.150  148480 Bytes  20.02.2012 15:17:54
VBASE021.VDF  : 7.11.23.224  172544 Bytes  23.02.2012 15:17:46
VBASE022.VDF  : 7.11.24.52    219648 Bytes  28.02.2012 18:10:19
VBASE023.VDF  : 7.11.24.152  165888 Bytes  05.03.2012 18:10:34
VBASE024.VDF  : 7.11.24.204  177664 Bytes  07.03.2012 00:06:56
VBASE025.VDF  : 7.11.25.30    245248 Bytes  12.03.2012 11:35:21
VBASE026.VDF  : 7.11.25.121  252416 Bytes  15.03.2012 11:37:28
VBASE027.VDF  : 7.11.25.122    2048 Bytes  15.03.2012 11:37:28
VBASE028.VDF  : 7.11.25.123    2048 Bytes  15.03.2012 11:37:28
VBASE029.VDF  : 7.11.25.124    2048 Bytes  15.03.2012 11:37:28
VBASE030.VDF  : 7.11.25.125    2048 Bytes  15.03.2012 11:37:28
VBASE031.VDF  : 7.11.25.142    71680 Bytes  16.03.2012 11:37:58
Engineversion  : 8.2.10.24
AEVDF.DLL      : 8.1.2.2      106868 Bytes  26.10.2011 13:27:25
AESCRIPT.DLL  : 8.1.4.10      455035 Bytes  16.03.2012 11:37:45
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 19:37:33
AESBX.DLL      : 8.2.5.5      606579 Bytes  13.03.2012 11:36:09
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.16.5      803190 Bytes  08.03.2012 00:07:04
AEOFFICE.DLL  : 8.1.2.25      201084 Bytes  30.12.2011 20:58:11
AEHEUR.DLL    : 8.1.4.7      4501878 Bytes  17.03.2012 11:39:10
AEHELP.DLL    : 8.1.19.0      254327 Bytes  19.01.2012 17:27:59
AEGEN.DLL      : 8.1.5.23      409973 Bytes  08.03.2012 00:06:57
AEEXP.DLL      : 8.1.0.25      74101 Bytes  16.03.2012 11:37:46
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.25.6      201078 Bytes  16.03.2012 11:37:29
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL    : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17    179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL    : 12.1.0.23    209360 Bytes  15.02.2012 10:09:20
AVEVTLOG.DLL  : 12.1.0.17    169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0      398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL    : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL    : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00
 
Configuration for the current scan:
Job name..............................: AVGuardAsyncScan
Configuration file....................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f616b99\guard_slideup.avp
Logging...............................: standard
Primary action........................: repair
Secondary action......................: quarantine
Scan master boot sectors..............: on
Scan boot sectors.....................: off
Scan active programs..................: on
Scan registry.........................: off
Search for rootkits...................: on
Integrity check of system files.......: on
File scan mode........................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: full
Deviating threat categories...........: +JOKE,+PCK,+PFS,+SPR,
 
Start of the scan: Sunday, 18 March 2012  22:35
 
Starting the scan for hidden objects.
Hidden driver
  [NOTE]  A memory modification was detected that could potentially be abused for hidden file access.
 
Starting the scan of running processes:
Scanning process 'avcenter.exe' - '1' module(s) were scanned
Scanning process 'avscan.exe' - '1' module(s) were scanned
Scanning process 'IkEJJmteVRTh.exe' - '1' module(s) were scanned
Scanning process 'mplayer.exe' - '1' module(s) were scanned
Scanning process 'smplayer.exe' - '1' module(s) were scanned
Scanning process 'thunderbird.exe' - '1' module(s) were scanned
Scanning process 'soffice.bin' - '1' module(s) were scanned
Scanning process 'soffice.exe' - '1' module(s) were scanned
Scanning process 'javaw.exe' - '1' module(s) were scanned
Scanning process 'IELowutil.exe' - '1' module(s) were scanned
Scanning process 'daemonu.exe' - '1' module(s) were scanned
Scanning process 'SetPoint32.exe' - '1' module(s) were scanned
Scanning process 'jusched.exe' - '1' module(s) were scanned
Scanning process 'avgnt.exe' - '1' module(s) were scanned
Scanning process 'Monitor.exe' - '1' module(s) were scanned
Scanning process 'TeamViewer_Service.exe' - '1' module(s) were scanned
Scanning process 'NMSAccessU.exe' - '1' module(s) were scanned
Scanning process 'brss01a.exe' - '1' module(s) were scanned
Scanning process 'bgsvcgen.exe' - '1' module(s) were scanned
Scanning process 'avguard.exe' - '1' module(s) were scanned
Scanning process 'armsvc.exe' - '1' module(s) were scanned
Scanning process 'sched.exe' - '1' module(s) were scanned
Scanning process 'brsvc01a.exe' - '1' module(s) were scanned
 
Starting the system file check:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)
 
Starting the scan of the selected files:
 
Starting to scan 'C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe'
C:\Users\myo\AppData\Local\Temp\rZcEthtcApF43P.exe
  [DETECTION]  Is the Trojan horse TR/Crypt.XPACK.Gen3
  [NOTE]  A backup copy was created under the name 4aa0f835.qua ( QUARANTINE )
  [NOTE]  The file was moved to the quarantine directory under the name '5237d7ea.qua'!
 
 
End of the scan: Sunday, 18 March 2012  22:37
Time taken: 01:08 minute(s)
 
The scan was completed in full.
 
      0 directories were checked
     24 files were checked
      1 viruses or unwanted programs were found
      0 files were classified as suspicious
      0 files were deleted
      0 viruses or unwanted programs were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 files could not be scanned
     23 files without infection
      0 archives were scanned
      0 warnings
      2 notes
  35103 objects were scanned during the rootkit scan
      1 hidden objects were found

Then Avira was terminated and error messages appeared like the ones here:
http://www.trojaner-board.de/111794-...k-gen-3-a.html
Then the system restarted itself. In safe mode Avira found nothing, and after the system restart the same error messages as before appeared until the computer restarted again.

I ran defogger in disable mode.

dds produced the following logs:
DDS.txt:
Code:

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by Ho at 1:36:31 on 2012-03-19
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.4095.2824 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
mRun: [NPSStartup]
mRun: [<NO NAME>]
mRun: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - D:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Spamihilator.lnk - D:\Program Files (x86)\Spamihilator\spamihilator.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyGaming\PartyPoker\RunApp.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C3BE1494-EA54-4DA6-8895-4CADAF2FD5F2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A} : DhcpNameServer = 213.191.74.19 62.109.123.197
TCP: Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A}\A5578616573756 : DhcpNameServer = 213.191.74.19 62.109.123.197
TCP: Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A}\C656E616C657 : DhcpNameServer = 213.191.92.86 62.109.123.7
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{AE7CD045-E861-484f-8273-0445EE161910}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [NPSStartup]
mRun-x64: [(Standard)]
mRun-x64: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyGaming\PartyPoker\RunApp.exe
Hosts: 74.208.105.171 gs.apple.com
Hosts: 74.208.10.249 gs.apple.com
Hosts: 127.255.255.255 www.mobile-master.de mobile-master.de
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AntiVirSchedulerService;Avira Planer;D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-13 86224]
S2 AntiVirService;Avira Echtzeit Scanner;D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-13 110032]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GtDetectSc;GtDetectSc;C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [2008-5-8 314880]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-2 2214504]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-2 2280312]
S3 DrmCAudio;DrmCAudio;C:\Windows\system32\drivers\DrmCAudio.sys --> C:\Windows\system32\drivers\DrmCAudio.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys --> C:\Windows\system32\DRIVERS\Gt51Ip.sys [?]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys --> C:\Windows\system32\DRIVERS\gt72ubus.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-16 136176]
S3 PAC7311;Trust CP-2300 Webcam;C:\Windows\system32\DRIVERS\PA707UCM.SYS --> C:\Windows\system32\DRIVERS\PA707UCM.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RTL8187B;RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) von Realtek;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys --> C:\Windows\system32\DRIVERS\s0016nd5.sys [?]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\Windows\system32\DRIVERS\s816bus.sys --> C:\Windows\system32\DRIVERS\s816bus.sys [?]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s816mdfl.sys --> C:\Windows\system32\DRIVERS\s816mdfl.sys [?]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s816mdm.sys --> C:\Windows\system32\DRIVERS\s816mdm.sys [?]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s816mgmt.sys --> C:\Windows\system32\DRIVERS\s816mgmt.sys [?]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\Windows\system32\DRIVERS\s816nd5.sys --> C:\Windows\system32\DRIVERS\s816nd5.sys [?]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s816obex.sys --> C:\Windows\system32\DRIVERS\s816obex.sys [?]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\Windows\system32\DRIVERS\s816unic.sys --> C:\Windows\system32\DRIVERS\s816unic.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys --> C:\Windows\system32\DRIVERS\ss_bbus.sys [?]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys --> C:\Windows\system32\DRIVERS\ss_bmdfl.sys [?]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys --> C:\Windows\system32\DRIVERS\ss_bmdm.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-9-3 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2012-03-18 23:41:29    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
2012-03-18 21:35:26    448512    ---ha-w-    C:\ProgramData\IkEJJmteVRTh.exe
2012-03-15 16:48:51    733184    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-15 16:48:51    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-15 16:48:51    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-15 16:48:51    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-15 16:48:51    172032    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-15 16:47:42    180356    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-03-15 16:47:41    303236    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-13 21:51:32    5559152    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2012-03-13 21:51:31    3968368    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-13 21:51:31    3913584    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:49:02    3145728    ----a-w-    C:\Windows\System32\win32k.sys
2012-03-13 21:49:01    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:49:01    77312    ----a-w-    C:\Windows\System32\rdpwsx.dll
2012-03-13 21:49:01    149504    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2012-03-13 21:49:00    1544192    ----a-w-    C:\Windows\System32\DWrite.dll
2012-03-13 21:49:00    1077248    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:48:59    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2012-03-13 21:48:59    1112064    ----a-w-    C:\Windows\System32\rdpcorets.dll
2012-03-13 21:48:59    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2012-03-13 21:48:58    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 21:48:58    210944    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2012-03-05 18:47:56    331136    ----a-w-    C:\Windows\PFUn.EXE
2012-03-05 11:42:11    231376    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2012-02-23 07:29:16    --------    d--h--w-    C:\Users\Ho\AppData\Roaming\pdfforge
2012-02-23 07:29:13    137000    ----a-w-    C:\Windows\SysWow64\MSMAPI32.OCX
2012-02-23 07:29:12    64512    ----a-w-    C:\Windows\SysWow64\MSCC2DE.DLL
2012-02-23 07:29:12    23552    ----a-w-    C:\Windows\SysWow64\MSMPIDE.DLL
2012-02-21 16:24:55    --------    d--h--w-    C:\Users\Ho\.VirtualBox
2012-02-21 15:10:06    224048    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2012-02-21 15:09:55    130864    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-02-19 16:15:34    --------    d-----w-    C:\Program Files (x86)\Tesseract-OCR
.
==================== Find3M  ====================
.
2012-02-21 14:41:48    414368    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20    509952    ----a-w-    C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41    442880    ----a-w-    C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24    498688    ----a-w-    C:\Windows\System32\drivers\afd.sys
2006-05-03 11:06:54    163328    --sha-r-    C:\Windows\SysWOW64\flvDX.dll
2007-02-21 12:47:16    31232    --sha-r-    C:\Windows\SysWOW64\msfDX.dll
2008-03-16 14:30:52    216064    --sha-r-    C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00    107520    --sha-r-    C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH:  1:37:07,48 ===============


Attach.txt
Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 27.10.2009 14:24:00
System Uptime: 19.03.2012 01:31:55 (0 hours ago)
.
Motherboard: ASRock |  | G31M-GS
Processor: Pentium(R) Dual-Core  CPU      E6300  @ 2.80GHz | CPUSocket | 2743/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 18,452 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7,423 GiB free.
E: is FIXED (NTFS) - 402 GiB total, 109,404 GiB free.
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Photoshop CS5
Adobe Reader X (10.1.0) - Deutsch
Adobe Shockwave Player 11.5
Advanced PDF Password Recovery
Anti-reCAPTCHA v3.02 JD
ASIO4ALL
Audacity 1.3.13 (Unicode)
Aurora SVG Viewer & Converter version 11.5
Auto Gordian Knot 2.55
Avira Free Antivirus
Blogger Backup Utility
BMWi-Businessplaner Fuehren
BMWi-Businessplaner Gründung
BMWi-Softwarepaket 10
BMWi Updater
CanoScan Toolbox Ver4.9
CDBurnerXP
Condition Zero
Condition Zero Deleted Scenes
Counter-Strike
CS_Manager
DHTML Editing Component
DivX-Setup
DivX Plus DirectShow Filters
DVD Decrypter (Remove Only)
ElsterFormular für Privatanwender
erLT
EssentialFax
EVEREST Home Edition v2.20
FinePixViewer Resource
FinePixViewer Ver.5.5
FinePixViewer YTUPL
FL Studio 9
Foxit PDF Editor
Frontschweine
GIMP 2.6.7
Google Earth
Google Earth Plug-in
Google Update Helper
GTK+ Runtime 2.14.7 rev a (nur entfernen)
Hardcore
HLSW v1.3.2.1
IL Download Manager
ImgBurn
Inkscape 0.48.1
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 30
JDownloader
Joe
LAME v3.98.2 for Audacity
linguatec Voice Reader
Logitech SetPoint
Lost Horizon
MAGIX Video deluxe 16 Premium 9.0.0.54 (D)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MozBackup 1.5.1
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (3.0)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MyPhoneExplorer
NVIDIA GAME System Software 2.8.1
OpenAL
OpenOffice.org 3.2
PartyPoker
PDF Settings CS5
PDFCreator
PersonalFax 1.65
PG Music DirectX Plugins 2.0.0.0
Picasa 3
Pidgin
PixiePack Codec Pack
PoiZone
ProtectDisc Driver, Version 11
Python 2.7.1
QuickTime Alternative 3.2.2
RealPlayer
Realtek Ethernet Controller  Driver
Realtek High Definition Audio Driver
REAPER
redist
Samsung New PC Studio
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SIW version 2011.10.29
Skype™ 5.5
SMPlayer 0.6.9
Steam
StreamTorrent 1.0
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
TeamViewer 6
TIPP10 Version 2.1.0
TMPGEnc Authoring Works 4
Total Commander (Remove or Repair)
Toxic Biohazard
TrueCrypt
Turbo Lister 2
Ubuntu
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.10
VobSub v2.23 (Remove Only)
Winamp
Windows Media Player Firefox Plugin
WUSB54GC
XviD MPEG4 Video Codec (remove only)
Zattoo4 4.0.5
.
==== End Of File ===========================

Since it seemed sensible in the related thread mentioned above, I have attached the OTL logs as a ZIP archive.

markusg 19.03.2012 12:21

hi,
which additional error messages appeared? I would like to see them from your PC, please.
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here
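The custom scan above hashes the core logon binaries, lists locked drivers and DLLs, and dumps the autoruns and the Winlogon SubSystems value; the resulting OTL report is then read by hand for indicators. As an added example that is not part of this thread, of OTL or of the helper's own tooling, the Python script below triages OTL-style report lines the way a helper does: drivers and services whose version info carries no company name, hosts-file entries, autorun entries that point at missing files or user-writable directories, and DHCP DNS servers outside private ranges. The sample lines are constructed to resemble this thread's log; the `SampleLoader` autorun entry and its path are hypothetical and do not appear anywhere in the thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample modelled on the OTL output in this thread. The
# "SampleLoader" autorun entry and its path are hypothetical (not from the log).
SAMPLE_LOG = r"""
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\SysNative\drivers\s816unic.sys (MCCI)
SRV - (NMSAccess) -- d:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
O1 - Hosts: 74.208.105.171 gs.apple.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [SampleLoader] C:\Users\someone\AppData\Local\Temp\sample.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A}: DhcpNameServer = 213.191.74.19 62.109.123.197
"""


@dataclass
class Finding:
    kind: str    # category of indicator
    detail: str  # why the line deserves a second look
    line: str    # the original report line


# One regex per OTL line type this helper understands.
_SVC = re.compile(r'^(?:DRV|SRV)(?::64bit:)? - \((.+?)\) .*?-- (.+) \(([^()]*)\)\s*$')
_HOSTS = re.compile(r'^O1 - Hosts: (\S+)\s+(.+)$')
_RUN = re.compile(r'^O4(?::64bit:)? - (HK\w+)\.\.\\(\w+): \[([^\]]*)\]\s*(.*)$')
_DNS = re.compile(r'^O17 - .*DhcpNameServer = (.+)$')
_TARGET = re.compile(r'^(.*?)\s*\(([^()]*)\)\s*$')  # "path (Company)" -> path, company

# Directories an ordinary user can write to; an autorun there is worth a look.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\')


def _ip(addr):
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None


def _is_external(addr):
    ip = _ip(addr)
    return ip is not None and not (ip.is_private or ip.is_loopback)


def triage_line(line):
    """Return a Finding for one OTL report line, or None if it looks benign."""
    line = line.rstrip()
    m = _SVC.match(line)
    if m:
        name, path, company = m.groups()
        if not company.strip():  # OTL shows "()" when the file has no company in its version info
            return Finding('no-company', f'{name}: no company name in version info of {path}', line)
        return None
    m = _HOSTS.match(line)
    if m:
        addr, hosts = m.groups()
        ip = _ip(addr)
        if ip is not None and (ip.is_loopback or ip.is_unspecified):
            return Finding('hosts-block', f'{hosts} blocked via hosts file', line)
        return Finding('hosts-redirect', f'{hosts} redirected to {addr}', line)
    m = _RUN.match(line)
    if m:
        hive, key, name, target = m.groups()
        if target.endswith('File not found'):
            return Finding('autorun-dangling', f'{hive}\\{key} [{name}] points at a missing file', line)
        t = _TARGET.match(target)
        path, company = (t.group(1), t.group(2)) if t else (target, '')
        if any(d in path.lower() for d in USER_WRITABLE):
            return Finding('autorun-user-writable', f'{hive}\\{key} [{name}] runs from a user-writable path: {path}', line)
        if not company.strip():
            return Finding('no-company', f'{hive}\\{key} [{name}]: no company name in version info of {path}', line)
        return None
    m = _DNS.match(line)
    if m:
        external = [a for a in m.group(1).split() if _is_external(a)]
        if external:
            return Finding('dns-external', 'DNS servers outside private ranges (check they belong to your ISP): ' + ' '.join(external), line)
    return None


def triage(text):
    """Run triage_line over a whole report and return the findings in order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.detail}')
```

A hit is a prompt to look closer, not a verdict: an empty company name only means the file's version resource carries none (several copy-protection and disc-burning drivers in this thread's log lack one), a loopback hosts entry may be a deliberate block, and external DNS servers are normal on a mobile-broadband interface. Hash a flagged file and compare it with the vendor's copy before deciding anything.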

Beagles 19.03.2012 13:10

Hello markusg,

Thank you very much for taking on my problem.
I have attached an image file showing the error messages that appear shortly after system start. The message at the top left appears a few seconds later.

OTL produced only one log file:
Code:

OTL logfile created on: 19.03.2012 12:40:08 - Run 2
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\myo\Desktop\Trojaner Logs
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,45 Gb Available Physical Memory | 86,30% Memory free
8,00 Gb Paging File | 7,48 Gb Available in Paging File | 93,49% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,35 Gb Total Space | 18,98 Gb Free Space | 38,45% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 7,42 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive E: | 401,76 Gb Total Space | 208,13 Gb Free Space | 51,80% Space Free | Partition Type: NTFS
 
Computer Name: MYOHO | User Name: Ho | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\myo\Desktop\Trojaner Logs\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- d:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (SOURCENEXT)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\BRSVC01A.EXE (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (s816mdm) -- C:\Windows\SysNative\drivers\s816mdm.sys (MCCI Corporation)
DRV:64bit: - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\Windows\SysNative\drivers\s816unic.sys (MCCI)
DRV:64bit: - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s816mgmt.sys (MCCI Corporation)
DRV:64bit: - (s816obex) -- C:\Windows\SysNative\drivers\s816obex.sys (MCCI Corporation)
DRV:64bit: - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\Windows\SysNative\drivers\s816bus.sys (MCCI Corporation)
DRV:64bit: - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\Windows\SysNative\drivers\s816nd5.sys (MCCI Corporation)
DRV:64bit: - (s816mdfl) -- C:\Windows\SysNative\drivers\s816mdfl.sys (MCCI Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (DrmCAudio) -- C:\Windows\SysNative\drivers\DrmCAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys ()
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\drivers\Gt51Ip.sys (Option N.V.)
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\drivers\gt72ubus.sys (Option N.V.)
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\drivers\gtptser.sys (Option N.V.)
DRV:64bit: - (PAC7311) -- C:\Windows\SysNative\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: e:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: D:\Program Files (x86)\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: D:\Program Files (x86)\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Program Files (x86)\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.07.22 14:29:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.15 14:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.15 14:53:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 22:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.08 20:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.25 11:06:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.12.20 20:14:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\support@easy-hide-ip.com: d:\Program Files (x86)\Easy-Hide-IP\ff-extension
 
[2010.03.04 18:24:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ho\AppData\Roaming\mozilla\Extensions
[2010.03.04 18:24:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ho\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.04.08 20:41:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ho\AppData\Roaming\mozilla\Sunbird\Profiles\quz7f7yf.default\extensions
[2010.04.08 20:41:32 | 000,000,000 | -H-D | M] (MyPhoneExplorer) -- C:\Users\Ho\AppData\Roaming\mozilla\Sunbird\Profiles\quz7f7yf.default\extensions\myphoneexplorer@fjsoft.at
[2011.02.24 20:10:29 | 000,000,000 | ---D | M] (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA SUNBIRD\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA SUNBIRD\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
File not found (No name found) -- D:\PROGRAM FILES (X86)\MOZILLA SUNBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
 
O1 HOSTS File: ([2011.08.16 06:56:19 | 000,001,082 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.105.171 gs.apple.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.255.255.255 www.mobile-master.de mobile-master.de
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex File not found
O4 - HKCU..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3BE1494-EA54-4DA6-8895-4CADAF2FD5F2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE8B9136-4379-4E79-99BE-7613669E724A}: DhcpNameServer = 213.191.74.19 62.109.123.197
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {621FCD24-4498-4324-A81E-07D331376EDF} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - D:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: DNS7reminder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Easy-Hide-IP - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Essential Fax Print Controller - hkey= - key= - C:\Program Files (x86)\EssentialFax\essfaxcontrol.exe ()
MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: TrayServer - hkey= - key= - E:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\Trayserver.exe (MAGIX AG)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 09:58:56 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2012.03.19 00:41:29 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.03.15 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec
[2012.03.05 19:47:56 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\PFUn.EXE
[2012.03.05 19:47:55 | 000,000,000 | -H-D | C] -- C:\Users\Ho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PersonalFax
[2012.03.05 12:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.03.05 12:42:11 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.02.23 08:29:16 | 000,000,000 | -H-D | C] -- C:\Users\Ho\AppData\Roaming\pdfforge
[2012.02.23 08:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.02.21 17:24:55 | 000,000,000 | -H-D | C] -- C:\Users\Ho\.VirtualBox
[2012.02.21 16:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.02.19 17:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\designer
[2012.02.19 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tesseract-OCR
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Ho\*.tmp files -> C:\Users\Ho\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 12:38:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.19 12:38:28 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.19 12:38:28 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.19 12:38:28 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.19 12:38:28 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.19 12:34:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 12:33:58 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.19 12:33:14 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 12:33:13 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 12:30:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 01:35:56 | 000,000,020 | ---- | M] () -- C:\Users\Ho\defogger_reenable
[2012.03.18 22:32:20 | 000,448,512 | -H-- | M] ( ) -- C:\ProgramData\IkEJJmteVRTh.exe
[2012.03.18 22:13:06 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 22:12:19 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3880435414-3585075777-220885001-1001UA.job
[2012.03.18 20:12:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3880435414-3585075777-220885001-1001Core.job
[2012.03.18 08:18:04 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.03.15 05:09:53 | 004,994,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.05 19:48:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\FaxMan
[2012.03.05 19:47:56 | 000,003,020 | R--- | M] () -- C:\Windows\PersonalFax_Uninstall.in
[2012.03.05 12:42:11 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.02.21 15:28:37 | 000,134,975 | ---- | M] () -- C:\wubildr
[2012.02.21 15:13:04 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Ho\*.tmp files -> C:\Users\Ho\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 01:35:55 | 000,000,020 | ---- | C] () -- C:\Users\Ho\defogger_reenable
[2012.03.18 22:35:26 | 000,448,512 | -H-- | C] ( ) -- C:\ProgramData\IkEJJmteVRTh.exe
[2012.03.18 08:18:04 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.03.05 19:48:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\FaxMan
[2012.03.05 19:47:56 | 000,003,020 | R--- | C] () -- C:\Windows\PersonalFax_Uninstall.in
[2012.02.21 15:28:37 | 000,134,975 | ---- | C] () -- C:\wubildr
[2012.02.21 15:13:04 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2012.02.21 14:50:09 | 729,067,520 | ---- | C] () -- C:\ubuntu-11.10-desktop-i386.iso
[2012.02.08 20:19:18 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.31 18:42:30 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011.03.27 19:26:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.11.30 21:03:56 | 000,003,584 | -H-- | C] () -- C:\Users\Ho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.29 16:42:52 | 000,017,408 | -H-- | C] () -- C:\Users\Ho\AppData\Local\WebpageIcons.db
[2010.05.09 01:56:49 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
 
========== LOP Check ==========
 
[2010.05.03 19:29:17 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\.purple
[2011.07.07 15:32:25 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Advanced Font Viewer
[2010.01.09 13:19:52 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Anvil Studio
[2011.11.09 19:54:18 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\DAEMON Tools Lite
[2011.11.09 19:54:18 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\DAEMON Tools Pro
[2012.03.18 08:18:50 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\elsterformular
[2010.08.05 09:03:35 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\FUJIFILM
[2009.11.18 01:06:55 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\ImgBurn
[2011.07.10 08:06:16 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\inkscape
[2010.01.23 21:33:55 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Leadertech
[2011.12.02 14:33:48 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\MyPhoneExplorer
[2010.02.14 15:18:03 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Notation
[2011.10.31 18:49:44 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Notepad++
[2010.07.31 16:59:36 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Nuance
[2012.02.23 08:29:16 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\pdfforge
[2010.09.03 18:36:07 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Samsung
[2009.12.08 21:27:56 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Screaming Bee
[2010.09.19 13:21:55 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Spamihilator
[2010.03.04 18:24:01 | 000,000,000 | -H-D | M] -- C:\Users\Ho\AppData\Roaming\Thunderbird
[2011.05.25 13:25:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.08.05 15:56:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.03.19 09:58:56 | 000,000,000 | ---D | M] -- C:\.Trash-1000
[2011.03.27 19:36:36 | 000,000,000 | ---D | M] -- C:\2011-03-27
[2011.02.23 19:45:00 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.10.27 15:38:13 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2011.06.25 21:30:40 | 000,000,000 | ---D | M] -- C:\Converted
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.27 14:28:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.10.27 15:33:46 | 000,000,000 | ---D | M] -- C:\Intel
[2012.03.19 00:48:14 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2010.01.05 16:25:35 | 000,000,000 | ---D | M] -- C:\Magix
[2011.07.03 17:00:12 | 000,000,000 | ---D | M] -- C:\olgames
[2010.11.02 11:22:40 | 000,000,000 | ---D | M] -- C:\PDFOCR_Output
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.20 20:16:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.19 17:15:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.18 22:35:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.27 14:28:21 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.27 14:28:22 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.10.29 02:20:28 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.03.19 01:31:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.02 19:00:26 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.19 00:20:24 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.07.10 17:34:10 | 000,001,295 | -H-- | M] () -- C:\Users\Ho\.recently-used.xbel
[2012.03.19 01:35:56 | 000,000,020 | ---- | M] () -- C:\Users\Ho\defogger_reenable
[2012.03.19 12:38:56 | 001,835,008 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT
[2012.03.19 12:38:56 | 000,262,144 | -HS- | M] () -- C:\Users\Ho\ntuser.dat.LOG1
[2009.11.13 01:45:29 | 000,000,000 | -HS- | M] () -- C:\Users\Ho\ntuser.dat.LOG2
[2009.11.13 01:45:30 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.11.13 01:45:30 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.11.13 01:45:30 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.12.08 22:58:22 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{1a1f079c-e444-11de-be38-001966e11ce0}.TM.blf
[2009.12.08 22:58:22 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{1a1f079c-e444-11de-be38-001966e11ce0}.TMContainer00000000000000000001.regtrans-ms
[2009.12.08 22:58:22 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{1a1f079c-e444-11de-be38-001966e11ce0}.TMContainer00000000000000000002.regtrans-ms
[2009.11.24 18:22:50 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{23ee550e-d84f-11de-8db1-001966e11ce0}.TM.blf
[2009.11.24 18:22:50 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{23ee550e-d84f-11de-8db1-001966e11ce0}.TMContainer00000000000000000001.regtrans-ms
[2009.11.24 18:22:50 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{23ee550e-d84f-11de-8db1-001966e11ce0}.TMContainer00000000000000000002.regtrans-ms
[2009.12.23 11:48:27 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{9be74a8b-e827-11de-a7f3-001966e11ce0}.TM.blf
[2009.12.23 11:48:27 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{9be74a8b-e827-11de-a7f3-001966e11ce0}.TMContainer00000000000000000001.regtrans-ms
[2009.12.23 11:48:27 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{9be74a8b-e827-11de-a7f3-001966e11ce0}.TMContainer00000000000000000002.regtrans-ms
[2009.12.10 12:19:50 | 000,065,536 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{ec89a9ac-e57c-11de-be7f-001966e11ce0}.TM.blf
[2009.12.10 12:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{ec89a9ac-e57c-11de-be7f-001966e11ce0}.TMContainer00000000000000000001.regtrans-ms
[2009.12.10 12:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\Ho\NTUSER.DAT{ec89a9ac-e57c-11de-be7f-001966e11ce0}.TMContainer00000000000000000002.regtrans-ms
[2009.11.13 01:45:29 | 000,000,020 | -HS- | M] () -- C:\Users\Ho\ntuser.ini
[2010.04.23 20:05:32 | 000,000,016 | -H-- | M] () -- C:\Users\Ho\persistent_state
[2 C:\Users\Ho\*.tmp files -> C:\Users\Ho\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9B013599
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D43E156
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:50DD4118

< End of report >


markusg 19.03.2012 13:13

hi
I need the message as text, please. Thanks.

Beagles 19.03.2012 13:33

One of the many error messages has the following text:
Code:

Windows - Delayed Write Failed
Failed to save alle the components for the file \\System32\000015b0. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.

The others, I think, have a different value after "\\System 32\".

The later message has the following content:
Code:

Microsoft Windows
Windows detected a hard disk problem

A potential disk failure may caue loss of files, applications and documents stored on the hard disk. It's highly recommended to scan and solve HDD problems beore continue using this PC.

--> Scan and fix (recommended)
Prevents future problems with files stored on this disk or device.

--> Delay scan
Your computer will be restarted

If you don't click anything, Windows soon displays a message that the RAM is overflowing.

Right now I'm always a bit anxious about starting the infected system in normal mode. Does that not matter?

markusg 19.03.2012 13:36

You're currently in safe mode with networking, right?
Were you logged in to the affected account there?
If not, please do that and create the OTL logs from there.

Beagles 19.03.2012 13:49

When I ran OTL, I was logged in to Windows with the affected account in safe mode with networking drivers, but I ran OTL as administrator.

markusg 19.03.2012 14:33

Download unhide:
http://filepony.de/download-unhide/
Double-click it; the files become visible.
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this
    tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all of your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.

Beagles 19.03.2012 15:25

I ran unhide successfully.

ComboFix restarted the computer shortly after its scan. I then booted Windows in normal mode, and ComboFix opened a window, closed it, opened a new one, closed it, and so on. Soon the familiar error messages joined in, the desktop turned into a flickering fireworks display, the CPU was maxed out and Windows reported that the RAM was full.
I logged off with Ctrl+Alt+Del and restarted in safe mode.
There is no C:\Combofix.txt.

This is the content of C:\ComboFix\ComboFix.txt:
Code:

ComboFix 12-03-18.04 - Ho 19.03.2012  15:07:14.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.4095.3099 [GMT 1:00]
ausgeführt von:: C:\Users\myo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt


markusg 19.03.2012 16:40

Start ComboFix in safe mode; when ComboFix restarts, log in to the same account in safe mode again.
Then it should work.

Beagles 19.03.2012 17:28

In safe mode, logged in with the user account "ho", I started ComboFix via the Combofix.exe on the desktop.
ComboFix searched for infected files up to stage 50 and then announced the restart for half a second.
In the boot menu I again chose safe mode (always with networking drivers) and logged in again with the user account "ho".
Nothing started automatically, and there is no Combofix.txt under c:\.
I started ComboFix via the Combofix.exe on the desktop.
ComboFix searched for infected files up to stage 50 and then announced the restart for half a second.
In the boot menu I again chose safe mode (always with networking drivers) and logged in again with the user account "ho".
Nothing started automatically, and there is no Combofix.txt under c:\.
It's a loop.
The Combofix.txt under c:\combofix\ is also still unchanged and the same as posted before.

markusg 19.03.2012 18:05

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose skip for now, and post the log

Beagles 19.03.2012 18:25

TDSSKiller report:
Code:

18:21:58.0410 1372        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
18:21:58.0847 1372        ============================================================
18:21:58.0847 1372        Current date / time: 2012/03/19 18:21:58.0847
18:21:58.0847 1372        SystemInfo:
18:21:58.0847 1372       
18:21:58.0847 1372        OS Version: 6.1.7601 ServicePack: 1.0
18:21:58.0847 1372        Product type: Workstation
18:21:58.0847 1372        ComputerName: MYOHO
18:21:58.0847 1372        UserName: Ho
18:21:58.0847 1372        Windows directory: C:\Windows
18:21:58.0847 1372        System windows directory: C:\Windows
18:21:58.0847 1372        Running under WOW64
18:21:58.0847 1372        Processor architecture: Intel x64
18:21:58.0847 1372        Number of processors: 2
18:21:58.0847 1372        Page size: 0x1000
18:21:58.0847 1372        Boot type: Safe boot with network
18:21:58.0847 1372        ============================================================
18:22:00.0050 1372        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:00.0066 1372        \Device\Harddisk0\DR0:
18:22:00.0066 1372        MBR used
18:22:00.0066 1372        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x62B22D2
18:22:00.0082 1372        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x62B3800, BlocksNum 0x1D4B800
18:22:00.0082 1372        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7FFF000, BlocksNum 0x32386800
18:22:00.0160 1372        Initialize success
18:22:00.0160 1372        ============================================================
18:22:13.0035 1748        ============================================================
18:22:13.0035 1748        Scan started
18:22:13.0035 1748        Mode: Manual; SigCheck; TDLFS;
18:22:13.0035 1748        ============================================================
18:22:14.0003 1748        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:22:14.0269 1748        1394ohci - ok
18:22:14.0378 1748        acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
18:22:14.0863 1748        acedrv11 - ok
18:22:14.0925 1748        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:22:14.0941 1748        ACPI - ok
18:22:14.0988 1748        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:22:15.0050 1748        AcpiPmi - ok
18:22:15.0097 1748        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:22:15.0113 1748        adp94xx - ok
18:22:15.0144 1748        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:22:15.0144 1748        adpahci - ok
18:22:15.0160 1748        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:22:15.0175 1748        adpu320 - ok
18:22:15.0238 1748        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:22:15.0269 1748        AFD - ok
18:22:15.0347 1748        AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:22:15.0394 1748        AgereSoftModem - ok
18:22:15.0425 1748        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:22:15.0425 1748        agp440 - ok
18:22:15.0457 1748        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:22:15.0472 1748        aliide - ok
18:22:15.0488 1748        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:22:15.0488 1748        amdide - ok
18:22:15.0519 1748        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:22:15.0566 1748        AmdK8 - ok
18:22:15.0582 1748        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:22:15.0613 1748        AmdPPM - ok
18:22:15.0644 1748        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:22:15.0644 1748        amdsata - ok
18:22:15.0660 1748        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:22:15.0675 1748        amdsbs - ok
18:22:15.0707 1748        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:22:15.0707 1748        amdxata - ok
18:22:15.0785 1748        AnyDVD          (7e9b3ae62c0d9cfda16f2d97f939a7b1) C:\Windows\system32\Drivers\AnyDVD.sys
18:22:15.0785 1748        AnyDVD - ok
18:22:15.0832 1748        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:22:15.0941 1748        AppID - ok
18:22:16.0019 1748        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:22:16.0035 1748        arc - ok
18:22:16.0050 1748        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:22:16.0050 1748        arcsas - ok
18:22:16.0082 1748        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:16.0175 1748        AsyncMac - ok
18:22:16.0207 1748        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:22:16.0207 1748        atapi - ok
18:22:16.0269 1748        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
18:22:16.0269 1748        atksgt - ok
18:22:16.0316 1748        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:22:16.0332 1748        avgntflt - ok
18:22:16.0363 1748        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
18:22:16.0363 1748        avipbb - ok
18:22:16.0378 1748        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:22:16.0394 1748        avkmgr - ok
18:22:16.0425 1748        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:22:16.0457 1748        b06bdrv - ok
18:22:16.0488 1748        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:22:16.0535 1748        b57nd60a - ok
18:22:16.0597 1748        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:22:16.0628 1748        Beep - ok
18:22:16.0691 1748        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:22:16.0707 1748        blbdrive - ok
18:22:16.0722 1748        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:22:16.0753 1748        bowser - ok
18:22:16.0769 1748        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:22:16.0816 1748        BrFiltLo - ok
18:22:16.0832 1748        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:22:16.0832 1748        BrFiltUp - ok
18:22:16.0878 1748        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:22:16.0910 1748        BridgeMP - ok
18:22:16.0941 1748        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:22:16.0957 1748        Brserid - ok
18:22:16.0972 1748        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:22:16.0988 1748        BrSerWdm - ok
18:22:17.0003 1748        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:22:17.0035 1748        BrUsbMdm - ok
18:22:17.0050 1748        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:22:17.0066 1748        BrUsbSer - ok
18:22:17.0082 1748        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:22:17.0097 1748        BTHMODEM - ok
18:22:17.0222 1748        catchme - ok
18:22:17.0285 1748        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:22:17.0332 1748        cdfs - ok
18:22:17.0347 1748        cdrbsdrv - ok
18:22:17.0394 1748        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:22:17.0410 1748        cdrom - ok
18:22:17.0457 1748        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:22:17.0472 1748        circlass - ok
18:22:17.0503 1748        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:22:17.0519 1748        CLFS - ok
18:22:17.0550 1748        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:17.0566 1748        CmBatt - ok
18:22:17.0582 1748        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:22:17.0597 1748        cmdide - ok
18:22:17.0628 1748        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:22:17.0660 1748        CNG - ok
18:22:17.0675 1748        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:22:17.0691 1748        Compbatt - ok
18:22:17.0722 1748        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:22:17.0753 1748        CompositeBus - ok
18:22:17.0769 1748        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:22:17.0785 1748        crcdisk - ok
18:22:17.0816 1748        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:22:17.0863 1748        CSC - ok
18:22:17.0910 1748        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:22:17.0941 1748        DfsC - ok
18:22:17.0972 1748        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:22:18.0003 1748        discache - ok
18:22:18.0035 1748        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:22:18.0035 1748        Disk - ok
18:22:18.0082 1748        DrmCAudio      (f3bc19b53c752434d25207deb3393f39) C:\Windows\system32\drivers\DrmCAudio.sys
18:22:18.0097 1748        DrmCAudio - ok
18:22:18.0128 1748        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:22:18.0144 1748        drmkaud - ok
18:22:18.0207 1748        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:22:18.0222 1748        DXGKrnl - ok
18:22:18.0285 1748        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:22:18.0363 1748        ebdrv - ok
18:22:18.0441 1748        ElbyCDIO        (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
18:22:18.0457 1748        ElbyCDIO - ok
18:22:18.0488 1748        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:22:18.0503 1748        elxstor - ok
18:22:18.0535 1748        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:22:18.0566 1748        ErrDev - ok
18:22:18.0597 1748        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:22:18.0628 1748        exfat - ok
18:22:18.0644 1748        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:22:18.0675 1748        fastfat - ok
18:22:18.0707 1748        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:22:18.0769 1748        fdc - ok
18:22:18.0800 1748        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:22:18.0800 1748        FileInfo - ok
18:22:18.0816 1748        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:22:18.0847 1748        Filetrace - ok
18:22:18.0863 1748        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:18.0878 1748        flpydisk - ok
18:22:18.0925 1748        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:22:18.0941 1748        FltMgr - ok
18:22:18.0957 1748        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:22:18.0957 1748        FsDepends - ok
18:22:18.0988 1748        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:18.0988 1748        Fs_Rec - ok
18:22:19.0050 1748        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:22:19.0066 1748        fvevol - ok
18:22:19.0082 1748        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:22:19.0097 1748        gagp30kx - ok
18:22:19.0128 1748        ggflt          (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
18:22:19.0128 1748        ggflt - ok
18:22:19.0144 1748        ggsemc          (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
18:22:19.0144 1748        ggsemc - ok
18:22:19.0160 1748        GMSIPCI - ok
18:22:19.0191 1748        GT72NDISIPXP    (e69d3bff7ae9c6d33419a80e13692c2f) C:\Windows\system32\DRIVERS\Gt51Ip.sys
18:22:19.0222 1748        GT72NDISIPXP - ok
18:22:19.0253 1748        GT72UBUS        (7e1ef45f4287614ac48e5ad7b5b46d70) C:\Windows\system32\DRIVERS\gt72ubus.sys
18:22:19.0269 1748        GT72UBUS - ok
18:22:19.0300 1748        GTPTSER        (261cd8a73e74b496c29007ea761cda05) C:\Windows\system32\DRIVERS\gtptser.sys
18:22:19.0332 1748        GTPTSER - ok
18:22:19.0457 1748        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:22:19.0488 1748        hcw85cir - ok
18:22:19.0519 1748        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:22:19.0535 1748        HdAudAddService - ok
18:22:19.0582 1748        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:22:19.0597 1748        HDAudBus - ok
18:22:19.0628 1748        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:22:19.0644 1748        HidBatt - ok
18:22:19.0660 1748        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:22:19.0691 1748        HidBth - ok
18:22:19.0707 1748        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:22:19.0722 1748        HidIr - ok
18:22:19.0769 1748        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:22:19.0785 1748        HidUsb - ok
18:22:19.0816 1748        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:22:19.0816 1748        HpSAMD - ok
18:22:19.0863 1748        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:22:19.0910 1748        HTTP - ok
18:22:19.0957 1748        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:22:19.0957 1748        hwpolicy - ok
18:22:19.0988 1748        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:22:20.0003 1748        i8042prt - ok
18:22:20.0035 1748        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:22:20.0050 1748        iaStorV - ok
18:22:20.0082 1748        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:22:20.0082 1748        iirsp - ok
18:22:20.0160 1748        IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
18:22:20.0207 1748        IntcAzAudAddService - ok
18:22:20.0222 1748        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:22:20.0238 1748        intelide - ok
18:22:20.0253 1748        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:22:20.0269 1748        intelppm - ok
18:22:20.0300 1748        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:20.0332 1748        IpFilterDriver - ok
18:22:20.0363 1748        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:22:20.0363 1748        IPMIDRV - ok
18:22:20.0378 1748        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:22:20.0425 1748        IPNAT - ok
18:22:20.0457 1748        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:22:20.0488 1748        IRENUM - ok
18:22:20.0519 1748        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:22:20.0519 1748        isapnp - ok
18:22:20.0535 1748        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:22:20.0550 1748        iScsiPrt - ok
18:22:20.0566 1748        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:22:20.0582 1748        kbdclass - ok
18:22:20.0613 1748        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:22:20.0644 1748        kbdhid - ok
18:22:20.0675 1748        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:22:20.0691 1748        KSecDD - ok
18:22:20.0707 1748        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:22:20.0722 1748        KSecPkg - ok
18:22:20.0753 1748        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:22:20.0800 1748        ksthunk - ok
18:22:20.0832 1748        LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:22:20.0847 1748        LHidFilt - ok
18:22:20.0878 1748        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
18:22:20.0894 1748        lirsgt - ok
18:22:20.0925 1748        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:22:20.0957 1748        lltdio - ok
18:22:20.0988 1748        LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:22:21.0003 1748        LMouFilt - ok
18:22:21.0019 1748        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:22:21.0035 1748        LSI_FC - ok
18:22:21.0050 1748        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:22:21.0066 1748        LSI_SAS - ok
18:22:21.0082 1748        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:22:21.0097 1748        LSI_SAS2 - ok
18:22:21.0113 1748        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:22:21.0113 1748        LSI_SCSI - ok
18:22:21.0144 1748        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:22:21.0175 1748        luafv - ok
18:22:21.0191 1748        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:22:21.0207 1748        megasas - ok
18:22:21.0222 1748        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:22:21.0238 1748        MegaSR - ok
18:22:21.0269 1748        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:22:21.0300 1748        Modem - ok
18:22:21.0332 1748        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:22:21.0363 1748        monitor - ok
18:22:21.0394 1748        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:22:21.0410 1748        mouclass - ok
18:22:21.0441 1748        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:22:21.0457 1748        mouhid - ok
18:22:21.0488 1748        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:22:21.0488 1748        mountmgr - ok
18:22:21.0519 1748        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:22:21.0535 1748        mpio - ok
18:22:21.0550 1748        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:22:21.0582 1748        mpsdrv - ok
18:22:21.0613 1748        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:22:21.0660 1748        MRxDAV - ok
18:22:21.0691 1748        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:21.0722 1748        mrxsmb - ok
18:22:21.0753 1748        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:21.0769 1748        mrxsmb10 - ok
18:22:21.0800 1748        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:21.0816 1748        mrxsmb20 - ok
18:22:21.0847 1748        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:22:21.0847 1748        msahci - ok
18:22:21.0878 1748        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:22:21.0894 1748        msdsm - ok
18:22:21.0925 1748        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:22:21.0957 1748        Msfs - ok
18:22:21.0972 1748        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:22:22.0019 1748        mshidkmdf - ok
18:22:22.0050 1748        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:22:30.0957 1748        ============================================================
18:22:30.0957 1748        Scan finished
18:22:30.0957 1748        ============================================================
18:22:30.0972 0932        Detected object count: 2
18:22:30.0972 0932        Actual detected object count: 2
18:23:11.0332 0932        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:11.0332 0932        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:11.0332 0932        USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:11.0332 0932        USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


markusg 19.03.2012 18:31

You can in principle get back into normal mode, right?
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".

Beagles 19.03.2012 18:43

In normal mode, Combofix and the "hardware defect" error messages still put on a fireworks display on the screen and the system is not really usable. Logging off and restarting cleanly - that works.

And unfortunately Malwarebytes doesn't like safe mode...
EDIT: Oh, apparently it wasn't started as admin. Now it is scanning in safe mode. Log to follow.


Copyright ©2000-2025, Trojaner-Board