Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Weiterleitung über fresh-weather.com bei Google (https://www.trojaner-board.de/121918-weiterleitung-fresh-weather-com-google.html)

wecker23 12.08.2012 15:43
Weiterleitung über fresh-weather.com bei Google
 
Hallo,
seit kurzem werde ich beim verwenden der Google-Suche manchmal auf irgendwelche Seiten wie z.B. eBay über fresh-weather.com weitergeleitet.
Aber manchmal öffnen sich auch einfach so irgendwelche Seiten, während ich mir z.B. ein Video auf Youtube anschaue.

Hier die Logs:

Code:
OTL logfile created on: 12.08.2012 15:33:29 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 79,36% Memory free
6,49 Gb Paging File | 5,51 Gb Available in Paging File | 84,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,79 Gb Total Space | 40,50 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 23,13 Gb Free Space | 59,22% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 15:32:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.07.10 17:21:22 | 000,322,560 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Tools\USBDLM\USBDLM.exe
PRC - [2011.07.10 10:04:22 | 000,018,944 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Tools\USBDLM\USBDLM_usr.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 01:04:01 | 000,215,040 | ---- | M] (Bernhard Fomm, Munich) -- C:\Programme\AutoRunnerU\arusrv.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.02.10 08:52:20 | 001,713,152 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.05 04:27:48 | 000,008,704 | ---- | M] () -- C:\Users\***\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll
MOD - [2012.07.05 04:27:48 | 000,007,680 | ---- | M] () -- C:\Users\***\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll
MOD - [2012.07.05 04:27:48 | 000,006,144 | ---- | M] () -- C:\Users\***\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll
MOD - [2012.05.13 15:03:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.03.27 22:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.11.20 23:29:12 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010.11.20 23:29:12 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.03 05:11:50 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.06 23:04:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.10 17:21:22 | 000,322,560 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Tools\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.19 07:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.06.27 21:02:10 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.04.16 16:56:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.04.03 21:14:30 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.10.22 03:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.11 12:02:44 | 001,119,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009.07.17 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.05.07 22:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=3
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{58A22DA9-8CDF-42FD-A8BB-2CDBCEB80652}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{782AAE6B-D12F-4DA4-BDD5-707302EC7684}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=efab0fca-506e-4361-9d49-968e169017c3&apn_sauid=730EB986-AB31-41F8-8E28-3F6E60D4C599
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 21:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.17 14:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.03 15:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.06.23 12:19:30 | 000,000,000 | ---D | M]
 
[2012.08.02 21:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.03 13:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wmf5gtdt.default\extensions
[2012.08.03 13:12:24 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wmf5gtdt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.02 21:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.07 18:30:55 | 000,001,039 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.178.1        fritz.box
O1 - Hosts: 127.0.0.1        localhost
O1 - Hosts: 127.0.0.1 qoa-a.com
O1 - Hosts: 127.0.0.1 horad-fo.com
O1 - Hosts: 127.0.0.1 spatbe-w.com
O1 - Hosts: 127.0.0.1 dns.msftncsi.com
O1 - Hosts: 127.0.0.1 msftncsi.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O4 - HKLM..\Run: [AutoRunnerU] C:\Program Files\AutoRunnerU\arusrv.exe (Bernhard Fomm, Munich)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7490F3E8-8803-4B4E-9279-8A47B408A577}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\Shell - "" = AutoRun
O33 - MountPoints2\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{432920d7-6518-11e0-8642-bcaec52cac5a}\Shell - "" = AutoRun
O33 - MountPoints2\{432920d7-6518-11e0-8642-bcaec52cac5a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 13:38:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ABE15784-02DD-40EA-854E-BD2615EC7C65}
[2012.08.03 13:37:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0EEF0390-5AFF-4DF9-86FD-0491477F23E9}
[2012.08.03 13:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
[2012.08.03 13:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[2012.08.03 01:28:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B37E7BE9-58AC-4CFE-8F63-977F7C06054C}
[2012.08.03 01:28:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E6A22C26-EB41-4241-BCBF-40443F03B291}
[2012.08.02 21:05:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.07.31 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.07.31 18:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.31 18:33:02 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.31 18:33:02 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.31 18:33:02 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.31 18:33:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.31 18:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.31 18:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.07.22 01:17:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.07.19 01:17:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0EAC10B5-6138-487E-8F84-1F053809B32A}
[2012.07.19 01:17:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{23AD8A33-E911-46DE-8F34-7CDDF2726CC8}
[2012.07.19 01:05:44 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.07.19 00:58:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FF7ED542-F84E-46C8-8491-B1322B088226}
[2012.07.19 00:57:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5B756F30-60C6-49CC-9643-AB377F76CA3A}
[2012.07.17 16:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012.07.17 16:26:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7D326874-3B23-4DBE-9AD9-F2EBB58CAAD4}
[2012.07.17 16:25:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B1DFE6D6-459B-4B74-9AA1-DCDA67591D18}
[2012.07.17 14:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.17 14:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 15:31:56 | 000,000,156 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.12 14:43:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.10 15:53:46 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 15:53:46 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 15:45:58 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 21:40:29 | 000,178,176 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.03 13:26:17 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5 (32-bit).lnk
[2012.08.02 21:04:57 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.01 14:34:21 | 000,001,175 | ---- | M] () -- C:\Users\***\Desktop\Metro.lnk
[2012.07.31 23:07:34 | 000,699,170 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.31 23:07:34 | 000,654,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.31 23:07:34 | 000,149,602 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.31 23:07:34 | 000,122,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.31 18:33:44 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.31 18:21:28 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.07.20 19:16:28 | 000,288,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.19 01:49:19 | 000,026,864 | ---- | M] () -- C:\Users\***\Documents\food loop.wlmp
[2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.08.12 15:31:54 | 000,000,156 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.03 13:26:17 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5 (32-bit).lnk
[2012.08.02 21:04:57 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.02 21:04:57 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.01 14:34:21 | 000,001,175 | ---- | C] () -- C:\Users\***\Desktop\Metro.lnk
[2012.07.31 18:33:44 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.19 01:49:19 | 000,026,864 | ---- | C] () -- C:\Users\***\Documents\food loop.wlmp
[2012.06.10 17:53:25 | 000,000,852 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.01.14 15:36:33 | 000,000,128 | ---- | C] () -- C:\Windows\Wininit.ini
[2012.01.03 00:44:26 | 000,002,900 | ---- | C] () -- C:\Users\***\AppData\Roaming\gd.db
[2012.01.03 00:44:26 | 000,000,220 | ---- | C] () -- C:\Users\***\AppData\Roaming\groovedown.settings
[2011.10.15 12:54:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.10.15 12:54:29 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.10.15 12:54:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.08.02 15:39:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.31 19:43:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.07.31 19:43:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.07.16 21:33:40 | 000,242,009 | ---- | C] () -- C:\Users\***\schranke2.jpg
[2011.07.16 21:30:22 | 000,424,620 | ---- | C] () -- C:\Users\***\schranke.jpg
[2011.07.03 16:04:27 | 000,109,056 | ---- | C] () -- C:\Windows\System32\UNINSTAL.EXE
[2011.06.29 10:23:40 | 000,178,176 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.24 20:01:02 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.24 20:01:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.24 19:43:57 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.05.18 19:35:57 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.05.01 10:45:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.28 12:47:03 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.04.22 09:28:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.04.17 21:09:29 | 000,000,292 | ---- | C] () -- C:\Windows\EReg072.dat
[2011.04.17 21:09:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ealtest.exe
[2011.04.09 13:14:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.04.09 13:12:13 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.13 11:36:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.13 01:50:50 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.03.13 01:46:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.03.13 01:41:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.13 01:41:34 | 000,030,234 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.03.12 21:22:30 | 000,401,408 | ---- | C] () -- C:\Windows\System32\wget.exe
[2010.11.21 02:46:14 | 000,699,170 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,149,602 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.09.11 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2011.12.24 15:29:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.05.01 10:45:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2012.05.27 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.06.10 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2011.07.16 23:47:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVM
[2012.01.12 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2012.02.01 20:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2011.09.18 20:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.05.12 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.15 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2011.04.17 21:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.08.12 14:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.20 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.07.11 00:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2011.10.02 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fofix
[2012.08.03 23:39:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012.04.06 23:08:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2011.12.04 15:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2012.04.17 14:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Groovedown
[2012.04.01 01:44:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.06.19 22:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Guitar Pro 6
[2011.05.10 19:08:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.01.03 00:44:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lang
[2011.05.01 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.12.22 22:05:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2011.07.15 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.04.03 15:59:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.12.04 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011.12.04 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2011.10.21 12:42:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.05.20 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SKAT
[2011.05.05 22:06:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.04 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.04.03 16:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2012.05.12 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Webocton - Scriptly
[2012.06.09 19:03:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB64217$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.12.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

12.08.2012 16:04:56
mbam-log-2012-08-12 (16-17-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 186838
Laufzeit: 9 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=3) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Danke das ihr mir hilft!

cosinus 16.08.2012 13:13
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

wecker23 18.08.2012 14:24
Malwarebytes konnte mit dem Vollscan keine bösartigen Objekte mehr finden.
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

18.08.2012 10:32:12
mbam-log-2012-08-18 (10-32-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350806
Laufzeit: 2 Stunde(n), 38 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET hatte 2 Funde
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4ccb2c6bde050548abfacea0f35c08a1
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 11:51:47
# local_time=2012-08-18 01:51:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1537838 1537838 0 0
# compatibility_mode=5893 16776574 66 94 45344188 96921410 0 0
# compatibility_mode=8192 67108863 100 0 78 78 0 0
# scanned=40199
# found=0
# cleaned=0
# scan_time=487
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4ccb2c6bde050548abfacea0f35c08a1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 01:01:08
# local_time=2012-08-18 03:01:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1538387 1538387 0 0
# compatibility_mode=5893 16776574 66 94 45344737 96921959 0 0
# compatibility_mode=8192 67108863 100 0 627 627 0 0
# scanned=178062
# found=3
# cleaned=0
# scan_time=4100
C:\Users\***\AppData\Roaming\OpenCandy\OpenCandy_C765DFF1FF964ACFA3068C9FCA15B946\registrybooster21.exe        a variant of Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\OpenCandy\OpenCandy_C765DFF1FF964ACFA3068C9FCA15B946\registrybooster21Wrapped.exe        a variant of Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
${Memory}        a variant of Win32/Sirefef.EZ trojan        00000000000000000000000000000000        I

cosinus 18.08.2012 14:40
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

wecker23 18.08.2012 14:47
Code:
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 15:44:58
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : *** - ***-PC
# Boot Mode : Normal
# Running from : C:\Users\***\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Local\OpenCandy
Folder Found : C:\Users\***\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\***\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\***\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Adobe\OpenCandy
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wmf5gtdt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1736 octets] - [18/08/2012 15:44:58]

########## EOF - C:\AdwCleaner[R1].txt - [1864 octets] ##########

cosinus 19.08.2012 17:36
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

wecker23 19.08.2012 20:02
Code:
# AdwCleaner v1.801 - Logfile created 08/19/2012 at 20:58:34
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : *** - ***-PC
# Boot Mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\Local\OpenCandy
Folder Deleted : C:\Users\***\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\***\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\***\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Adobe\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wmf5gtdt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1849 octets] - [18/08/2012 15:44:58]
AdwCleaner[S1].txt - [1820 octets] - [19/08/2012 20:58:34]

########## EOF - C:\AdwCleaner[S1].txt - [1948 octets] ##########

cosinus 20.08.2012 21:35
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

wecker23 23.08.2012 06:20
Der normale modus von Windows funkioniert einwandfrei.
Im Startmenü vermisse ich nichts.

cosinus 30.08.2012 13:35
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

wecker23 03.09.2012 22:23
Hi,
hier erstmal das Log:
Code:
OTL logfile created on: 03.09.2012 20:34:17 - Run 2
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,79% Memory free
6,49 Gb Paging File | 5,39 Gb Available in Paging File | 82,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,79 Gb Total Space | 43,46 Gb Free Space | 48,95% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 17,66 Gb Free Space | 45,20% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.03 20:31:43 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL(1).exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.07.10 17:21:22 | 000,322,560 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Tools\USBDLM\USBDLM.exe
PRC - [2011.07.10 10:04:22 | 000,018,944 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Tools\USBDLM\USBDLM_usr.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 01:04:01 | 000,215,040 | ---- | M] (Bernhard Fomm, Munich) -- C:\Programme\AutoRunnerU\arusrv.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.02.10 08:52:20 | 001,713,152 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.14 02:14:07 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.05.01 10:45:35 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2011.03.27 22:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.02.09 02:56:38 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2010.11.20 23:29:12 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010.11.20 23:29:12 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009.11.03 05:11:50 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.06 23:04:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.10 17:21:22 | 000,322,560 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Tools\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.19 07:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.06.27 21:02:10 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.04.16 16:56:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.04.03 21:14:30 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.10.22 03:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.11 12:02:44 | 001,119,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009.07.17 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.05.07 22:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{58A22DA9-8CDF-42FD-A8BB-2CDBCEB80652}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\..\SearchScopes\{782AAE6B-D12F-4DA4-BDD5-707302EC7684}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=efab0fca-506e-4361-9d49-968e169017c3&apn_sauid=730EB986-AB31-41F8-8E28-3F6E60D4C599
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 21:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.17 14:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.03 15:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.06.23 12:19:30 | 000,000,000 | ---D | M]
 
[2012.08.02 21:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.03 13:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wmf5gtdt.default\extensions
[2012.08.03 13:12:24 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wmf5gtdt.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.20 19:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.20 19:57:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.07 18:30:55 | 000,001,039 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.178.1        fritz.box
O1 - Hosts: 87.236.198.182        otr.com
O1 - Hosts: 127.0.0.1        localhost
O1 - Hosts: 127.0.0.1        meine-ecke.lh
O1 - Hosts: 127.0.0.1 qoa-a.com
O1 - Hosts: 127.0.0.1 horad-fo.com
O1 - Hosts: 127.0.0.1 spatbe-w.com
O1 - Hosts: 127.0.0.1 dns.msftncsi.com
O1 - Hosts: 127.0.0.1 msftncsi.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AutoRunnerU] C:\Program Files\AutoRunnerU\arusrv.exe (Bernhard Fomm, Munich)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-1243239617-4095160196-876427130-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7490F3E8-8803-4B4E-9279-8A47B408A577}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\Shell - "" = AutoRun
O33 - MountPoints2\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{432920d7-6518-11e0-8642-bcaec52cac5a}\Shell - "" = AutoRun
O33 - MountPoints2\{432920d7-6518-11e0-8642-bcaec52cac5a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 4StoryPrePatch - hkey= - key= - C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: Google Update - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RSShutdown - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.MP42 - MPG4C32.dll File not found
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.x264 - C:\Programme\x264vfw\x264vfw.dll (x264vfw project)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.20 19:56:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.08.20 19:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.20 19:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.08.19 21:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.08.18 13:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.15 14:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EarMaster School 5
[2012.08.15 14:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\EarMaster School 5
[2012.08.15 14:44:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\EarMaster
[2012.08.15 14:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EarMaster
[2012.08.12 16:03:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.12 16:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.12 16:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.12 16:03:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.12 16:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.03 20:35:21 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 20:35:21 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 20:27:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 20:27:36 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.23 23:42:21 | 000,699,170 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.23 23:42:21 | 000,654,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.23 23:42:21 | 000,149,602 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.23 23:42:21 | 000,122,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.20 19:56:56 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.18 15:44:34 | 000,618,227 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.15 20:27:14 | 000,001,766 | ---- | M] () -- C:\Users\***\Desktop\EarMaster.lnk
[2012.08.12 16:03:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.12 15:31:56 | 000,000,156 | ---- | M] () -- C:\Users\***\defogger_reenable
 
========== Files Created - No Company Name ==========
 
[2012.08.19 21:44:49 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.08.19 21:44:49 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.08.19 21:44:49 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2012.08.18 15:44:34 | 000,618,227 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.15 20:27:14 | 000,001,766 | ---- | C] () -- C:\Users\***\Desktop\EarMaster.lnk
[2012.08.12 16:03:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.12 15:31:54 | 000,000,156 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.10 17:53:25 | 000,000,852 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.01.14 15:36:33 | 000,000,128 | ---- | C] () -- C:\Windows\Wininit.ini
[2012.01.03 00:44:26 | 000,002,900 | ---- | C] () -- C:\Users\***\AppData\Roaming\gd.db
[2012.01.03 00:44:26 | 000,000,220 | ---- | C] () -- C:\Users\***\AppData\Roaming\groovedown.settings
[2011.10.15 12:54:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.10.15 12:54:29 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.10.15 12:54:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.08.02 15:39:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.31 19:43:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.07.31 19:43:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.07.16 21:33:40 | 000,242,009 | ---- | C] () -- C:\Users\***\schranke2.jpg
[2011.07.16 21:30:22 | 000,424,620 | ---- | C] () -- C:\Users\***\schranke.jpg
[2011.07.03 16:04:27 | 000,109,056 | ---- | C] () -- C:\Windows\System32\UNINSTAL.EXE
[2011.06.29 10:23:40 | 000,178,176 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.24 19:43:57 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.05.18 19:35:57 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.05.01 10:45:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.28 12:47:03 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.04.22 09:28:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.04.17 21:09:29 | 000,000,292 | ---- | C] () -- C:\Windows\EReg072.dat
[2011.04.17 21:09:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ealtest.exe
[2011.04.09 13:14:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.04.09 13:12:13 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.13 11:36:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.13 01:50:50 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.03.13 01:46:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.03.13 01:41:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.13 01:41:34 | 000,030,234 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.03.12 21:22:30 | 000,401,408 | ---- | C] () -- C:\Windows\System32\wget.exe
[2010.11.21 02:46:14 | 000,699,170 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,149,602 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.09.11 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2011.12.24 15:29:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.05.01 10:45:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2012.05.27 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.06.10 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2011.07.16 23:47:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVM
[2012.01.12 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2012.02.01 20:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2011.09.18 20:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.05.12 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.15 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2011.04.17 21:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.09.03 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.20 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.07.11 00:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2011.10.02 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fofix
[2012.08.23 23:43:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012.04.06 23:08:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2011.12.04 15:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2012.04.17 14:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Groovedown
[2012.04.01 01:44:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.06.19 22:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Guitar Pro 6
[2011.05.10 19:08:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.01.03 00:44:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lang
[2011.05.01 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.12.22 22:05:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2011.07.15 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.12.04 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011.12.04 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2011.10.21 12:42:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.05.20 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SKAT
[2011.05.05 22:06:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.04 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.04.03 16:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2012.05.12 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Webocton - Scriptly
[2012.06.09 19:03:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.12 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.09.11 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2011.03.17 02:10:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.12.24 15:29:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.05.01 10:45:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2012.05.27 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.06.10 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.07.31 18:37:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2011.07.16 23:47:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVM
[2012.01.12 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2012.02.01 20:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2011.09.18 20:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.05.12 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.15 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2011.04.17 21:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.06.23 22:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2012.09.03 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.20 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.07.11 00:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2011.10.02 13:03:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fofix
[2012.08.23 23:43:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012.04.06 23:08:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Garmin
[2011.12.04 15:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRight
[2012.04.17 14:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Groovedown
[2012.04.01 01:44:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.06.19 22:52:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Guitar Pro 6
[2011.03.13 01:39:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.05.10 19:08:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.01.03 00:44:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lang
[2011.05.01 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.03.30 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.08.12 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.21 02:54:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.08.07 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic
[2012.03.15 18:46:56 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.03.28 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Microsoft Corporation
[2012.08.02 21:05:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.12.22 22:05:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2011.07.15 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.12.04 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011.12.04 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2011.04.22 09:25:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2011.10.21 12:42:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.05.20 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SKAT
[2012.09.03 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.01.03 00:44:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sun
[2011.05.05 22:06:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.04 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.04.03 16:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2012.07.17 18:17:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012.05.12 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Webocton - Scriptly
[2011.08.19 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2011.04.02 09:21:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.02.09 03:46:52 | 000,903,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\Groovedown\GrooveDown_Start.exe
[2012.04.17 14:59:17 | 001,198,491 | ---- | M] () -- C:\Users\***\AppData\Roaming\Groovedown\unins000.exe
[2011.04.17 23:09:00 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.06.09 19:27:44 | 014,590,080 | ---- | M] (DivX, Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\DivXInstaller.exe
[2012.01.11 20:59:30 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011.09.29 16:19:14 | 000,929,680 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.09.29 16:19:18 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.09.16 11:58:14 | 000,285,696 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.09.29 16:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.09.16 11:56:02 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.09.16 11:56:02 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.09.16 11:56:04 | 000,666,624 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.09.29 16:19:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.09.16 11:55:38 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.09.16 11:55:38 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.09.29 16:19:24 | 000,131,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.09.29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.09.29 16:19:28 | 004,662,392 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.09.16 11:54:38 | 024,111,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.09.29 16:19:30 | 000,364,432 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.01.04 08:07:42 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB64217$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
Ich hatte heute nach dem ersten Starten von Windows einen seltsamen Fehler.
Es kam plötzlich eine Fehlermeldung das ein kritischer Fehler aufgetreten sei und Windows in einer Minute nezgestartet wird.
Kurz darauf wurde der Bildschirm schwarz und der Computer startete ohne herunterfahren neu.
Beim diesem 2. Start ief alles normal.
Kann dies auch mit einem Virus zusammenhängen?
Es erscheint mir nämlich sinnlos dass Windows nach einem kritschen Fehler eine Minute wartet um neuzustarten.

cosinus 04.09.2012 13:14
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1243239617-4095160196-876427130-1000\..\SearchScopes\{782AAE6B-D12F-4DA4-BDD5-707302EC7684}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=efab0fca-506e-4361-9d49-968e169017c3&apn_sauid=730EB986-AB31-41F8-8E28-3F6E60D4C599
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\Shell - "" = AutoRun
O33 - MountPoints2\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{432920d7-6518-11e0-8642-bcaec52cac5a}\Shell - "" = AutoRun
O33 - MountPoints2\{432920d7-6518-11e0-8642-bcaec52cac5a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
:Files
C:\Windows\$NtUninstallKB64217$
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

wecker23 04.09.2012 21:02
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1243239617-4095160196-876427130-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKEY_USERS\S-1-5-21-1243239617-4095160196-876427130-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1243239617-4095160196-876427130-1000\Software\Microsoft\Internet Explorer\SearchScopes\{782AAE6B-D12F-4DA4-BDD5-707302EC7684}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{782AAE6B-D12F-4DA4-BDD5-707302EC7684}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350e96e1-4d03-11e0-be39-bcaec52cac5a}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{432920d7-6518-11e0-8642-bcaec52cac5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{432920d7-6518-11e0-8642-bcaec52cac5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{432920d7-6518-11e0-8642-bcaec52cac5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{432920d7-6518-11e0-8642-bcaec52cac5a}\ not found.
File I:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WCGBP87Y folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Macromedia\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Macromedia folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\2USM9UVM folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Roaming folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7445GFS folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLKO8OS9 folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0Y7JG1I folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WSVBPQT folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData\Local folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile\AppData folder moved successfully.
C:\Windows\$NtUninstallKB64217$\systemprofile folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB64217$ scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Downloads\cmd.bat deleted successfully.
C:\Users\***\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 79 bytes
->Temporary Internet Files folder emptied: 283190 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6570733 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10149324 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 16,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.60.0 log created on 09042012_215715

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB64217$ scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 05.09.2012 12:28
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

wecker23 05.09.2012 15:50
Code:
16:47:28.0624 2684  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:47:28.0671 2684  ============================================================
16:47:28.0671 2684  Current date / time: 2012/09/05 16:47:28.0671
16:47:28.0671 2684  SystemInfo:
16:47:28.0671 2684 
16:47:28.0671 2684  OS Version: 6.1.7601 ServicePack: 1.0
16:47:28.0671 2684  Product type: Workstation
16:47:28.0671 2684  ComputerName: ***-PC
16:47:28.0671 2684  UserName: ***
16:47:28.0671 2684  Windows directory: C:\Windows
16:47:28.0671 2684  System windows directory: C:\Windows
16:47:28.0671 2684  Processor architecture: Intel x86
16:47:28.0671 2684  Number of processors: 2
16:47:28.0671 2684  Page size: 0x1000
16:47:28.0671 2684  Boot type: Normal boot
16:47:28.0671 2684  ============================================================
16:47:31.0713 2684  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:47:31.0728 2684  ============================================================
16:47:31.0728 2684  \Device\Harddisk0\DR0:
16:47:31.0728 2684  MBR partitions:
16:47:31.0728 2684  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14800, BlocksNum 0x32000
16:47:31.0728 2684  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x46800, BlocksNum 0x4E20000
16:47:31.0728 2684  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4E66800, BlocksNum 0xB194000
16:47:31.0775 2684  ============================================================
16:47:31.0837 2684  C: <-> \Device\Harddisk0\DR0\Partition3
16:47:31.0915 2684  E: <-> \Device\Harddisk0\DR0\Partition2
16:47:31.0915 2684  ============================================================
16:47:31.0915 2684  Initialize success
16:47:31.0915 2684  ============================================================
16:48:08.0146 2004  ============================================================
16:48:08.0146 2004  Scan started
16:48:08.0146 2004  Mode: Manual; SigCheck; TDLFS;
16:48:08.0146 2004  ============================================================
16:48:09.0300 2004  ================ Scan system memory ========================
16:48:09.0300 2004  System memory - ok
16:48:09.0300 2004  ================ Scan services =============================
16:48:09.0472 2004  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:48:09.0644 2004  1394ohci - ok
16:48:09.0675 2004  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:48:09.0706 2004  ACPI - ok
16:48:09.0722 2004  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
16:48:09.0784 2004  AcpiPmi - ok
16:48:09.0909 2004  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:48:09.0987 2004  AdobeARMservice - ok
16:48:10.0018 2004  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:48:10.0034 2004  adp94xx - ok
16:48:10.0080 2004  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:48:10.0096 2004  adpahci - ok
16:48:10.0127 2004  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:48:10.0143 2004  adpu320 - ok
16:48:10.0158 2004  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:48:10.0346 2004  AeLookupSvc - ok
16:48:10.0408 2004  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
16:48:10.0486 2004  AFD - ok
16:48:10.0517 2004  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:48:10.0533 2004  agp440 - ok
16:48:10.0580 2004  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
16:48:10.0595 2004  aic78xx - ok
16:48:10.0658 2004  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
16:48:10.0720 2004  ALG - ok
16:48:10.0736 2004  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:48:10.0767 2004  aliide - ok
16:48:10.0923 2004  ALSysIO - ok
16:48:10.0985 2004  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:48:11.0048 2004  AMD External Events Utility - ok
16:48:11.0079 2004  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:48:11.0110 2004  amdagp - ok
16:48:11.0110 2004  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:48:11.0126 2004  amdide - ok
16:48:11.0157 2004  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:48:11.0204 2004  AmdK8 - ok
16:48:11.0360 2004  [ 04F09923A393E4E0E8453A8F78361E73 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:48:11.0531 2004  amdkmdag - ok
16:48:11.0594 2004  [ 41208D1064B119C351A7F2146274030B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:48:11.0687 2004  amdkmdap - ok
16:48:11.0750 2004  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:48:11.0796 2004  AmdPPM - ok
16:48:11.0843 2004  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:48:11.0874 2004  amdsata - ok
16:48:11.0921 2004  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:48:11.0952 2004  amdsbs - ok
16:48:11.0968 2004  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:48:11.0984 2004  amdxata - ok
16:48:12.0155 2004  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:48:12.0171 2004  AntiVirSchedulerService - ok
16:48:12.0218 2004  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:48:12.0249 2004  AntiVirService - ok
16:48:12.0280 2004  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
16:48:12.0327 2004  AppID - ok
16:48:12.0358 2004  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:48:12.0420 2004  AppIDSvc - ok
16:48:12.0452 2004  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
16:48:12.0530 2004  Appinfo - ok
16:48:12.0561 2004  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\drivers\arc.sys
16:48:12.0576 2004  arc - ok
16:48:12.0592 2004  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:48:12.0608 2004  arcsas - ok
16:48:12.0701 2004  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:48:12.0779 2004  aspnet_state - ok
16:48:12.0810 2004  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:48:12.0935 2004  AsyncMac - ok
16:48:12.0966 2004  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
16:48:12.0966 2004  atapi - ok
16:48:13.0138 2004  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:48:13.0200 2004  atikmdag - ok
16:48:13.0247 2004  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
16:48:13.0278 2004  AtiPcie - ok
16:48:13.0325 2004  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:48:13.0403 2004  AudioEndpointBuilder - ok
16:48:13.0419 2004  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:48:13.0450 2004  Audiosrv - ok
16:48:13.0481 2004  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:48:13.0497 2004  avgntflt - ok
16:48:13.0528 2004  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:48:13.0544 2004  avipbb - ok
16:48:13.0575 2004  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:48:13.0590 2004  avkmgr - ok
16:48:13.0622 2004  [ 728C4A6C722535C16D1025F51AA31E22 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
16:48:13.0668 2004  avmaudio - ok
16:48:13.0715 2004  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\Windows\system32\drivers\avmeject.sys
16:48:13.0746 2004  avmeject ( UnsignedFile.Multi.Generic ) - warning
16:48:13.0746 2004  avmeject - detected UnsignedFile.Multi.Generic (1)
16:48:13.0793 2004  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:48:13.0887 2004  AxInstSV - ok
16:48:13.0934 2004  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\drivers\bxvbdx.sys
16:48:14.0012 2004  b06bdrv - ok
16:48:14.0043 2004  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:48:14.0074 2004  b57nd60x - ok
16:48:14.0121 2004  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:48:14.0168 2004  BDESVC - ok
16:48:14.0214 2004  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:48:14.0277 2004  Beep - ok
16:48:14.0308 2004  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
16:48:14.0355 2004  BFE - ok
16:48:14.0370 2004  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:48:14.0386 2004  blbdrive - ok
16:48:14.0417 2004  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:48:14.0464 2004  bowser - ok
16:48:14.0495 2004  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:48:14.0542 2004  BrFiltLo - ok
16:48:14.0558 2004  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:48:14.0589 2004  BrFiltUp - ok
16:48:14.0636 2004  [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser        C:\Windows\System32\browser.dll
16:48:14.0714 2004  Browser - ok
16:48:14.0729 2004  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
16:48:14.0776 2004  Brserid - ok
16:48:14.0792 2004  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:48:14.0823 2004  BrSerWdm - ok
16:48:14.0838 2004  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:48:14.0854 2004  BrUsbMdm - ok
16:48:14.0870 2004  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:48:14.0901 2004  BrUsbSer - ok
16:48:14.0916 2004  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:48:14.0948 2004  BTHMODEM - ok
16:48:14.0994 2004  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
16:48:15.0041 2004  bthserv - ok
16:48:15.0072 2004  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:48:15.0119 2004  cdfs - ok
16:48:15.0166 2004  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:48:15.0213 2004  cdrom - ok
16:48:15.0244 2004  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
16:48:15.0306 2004  CertPropSvc - ok
16:48:15.0322 2004  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:48:15.0369 2004  circlass - ok
16:48:15.0400 2004  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:48:15.0431 2004  CLFS - ok
16:48:15.0494 2004  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:48:15.0525 2004  clr_optimization_v2.0.50727_32 - ok
16:48:15.0556 2004  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:48:15.0634 2004  clr_optimization_v4.0.30319_32 - ok
16:48:15.0650 2004  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:48:15.0665 2004  CmBatt - ok
16:48:15.0696 2004  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:48:15.0696 2004  cmdide - ok
16:48:15.0743 2004  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
16:48:15.0759 2004  CNG - ok
16:48:15.0790 2004  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:48:15.0806 2004  Compbatt - ok
16:48:15.0821 2004  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:48:15.0852 2004  CompositeBus - ok
16:48:15.0852 2004  COMSysApp - ok
16:48:15.0884 2004  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:48:15.0884 2004  crcdisk - ok
16:48:15.0930 2004  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:48:15.0977 2004  CryptSvc - ok
16:48:16.0024 2004  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:48:16.0071 2004  DcomLaunch - ok
16:48:16.0102 2004  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
16:48:16.0133 2004  defragsvc - ok
16:48:16.0149 2004  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:48:16.0164 2004  DfsC - ok
16:48:16.0211 2004  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:48:16.0274 2004  Dhcp - ok
16:48:16.0289 2004  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:48:16.0336 2004  discache - ok
16:48:16.0367 2004  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
16:48:16.0383 2004  Disk - ok
16:48:16.0414 2004  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:48:16.0461 2004  Dnscache - ok
16:48:16.0492 2004  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:48:16.0539 2004  dot3svc - ok
16:48:16.0570 2004  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
16:48:16.0601 2004  DPS - ok
16:48:16.0617 2004  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:48:16.0648 2004  drmkaud - ok
16:48:16.0679 2004  [ ED9912ACE49FD6E3B32EAEBAFBAC02B5 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:48:16.0679 2004  Suspicious file (Forged): C:\Windows\system32\DRIVERS\dtsoftbus01.sys. Real md5: ED9912ACE49FD6E3B32EAEBAFBAC02B5, Fake md5: 555E54AC2F601A8821CEF58961653991
16:48:16.0679 2004  dtsoftbus01 ( Virus.Win32.ZAccess.k ) - infected
16:48:16.0679 2004  dtsoftbus01 - detected Virus.Win32.ZAccess.k (0)
16:48:16.0742 2004  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:48:16.0757 2004  DXGKrnl - ok
16:48:16.0788 2004  EagleXNt - ok
16:48:16.0804 2004  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
16:48:16.0851 2004  EapHost - ok
16:48:16.0960 2004  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\drivers\evbdx.sys
16:48:17.0085 2004  ebdrv - ok
16:48:17.0116 2004  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
16:48:17.0163 2004  EFS - ok
16:48:17.0225 2004  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:48:17.0288 2004  ehRecvr - ok
16:48:17.0303 2004  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
16:48:17.0334 2004  ehSched - ok
16:48:17.0381 2004  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:48:17.0444 2004  elxstor - ok
16:48:17.0459 2004  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:48:17.0475 2004  ErrDev - ok
16:48:17.0522 2004  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
16:48:17.0553 2004  EventSystem - ok
16:48:17.0568 2004  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
16:48:17.0600 2004  exfat - ok
16:48:17.0631 2004  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:48:17.0709 2004  fastfat - ok
16:48:17.0756 2004  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
16:48:17.0834 2004  Fax - ok
16:48:17.0834 2004  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\drivers\fdc.sys
16:48:17.0865 2004  fdc - ok
16:48:17.0896 2004  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
16:48:17.0958 2004  fdPHost - ok
16:48:17.0990 2004  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:48:18.0005 2004  FDResPub - ok
16:48:18.0021 2004  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:48:18.0036 2004  FileInfo - ok
16:48:18.0052 2004  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:48:18.0083 2004  Filetrace - ok
16:48:18.0114 2004  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:48:18.0130 2004  flpydisk - ok
16:48:18.0161 2004  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:48:18.0192 2004  FltMgr - ok
16:48:18.0224 2004  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
16:48:18.0286 2004  FontCache - ok
16:48:18.0333 2004  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:48:18.0364 2004  FontCache3.0.0.0 - ok
16:48:18.0395 2004  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:48:18.0426 2004  FsDepends - ok
16:48:18.0442 2004  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:48:18.0458 2004  Fs_Rec - ok
16:48:18.0489 2004  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:48:18.0504 2004  fvevol - ok
16:48:18.0551 2004  [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
16:48:18.0614 2004  FWLANUSB - ok
16:48:18.0629 2004  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:48:18.0660 2004  gagp30kx - ok
16:48:18.0707 2004  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:48:18.0754 2004  gpsvc - ok
16:48:18.0785 2004  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:48:18.0848 2004  hcw85cir - ok
16:48:18.0879 2004  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:48:18.0941 2004  HdAudAddService - ok
16:48:18.0957 2004  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:48:18.0988 2004  HDAudBus - ok
16:48:19.0004 2004  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
16:48:19.0019 2004  HidBatt - ok
16:48:19.0035 2004  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:48:19.0082 2004  HidBth - ok
16:48:19.0097 2004  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\drivers\hidir.sys
16:48:19.0128 2004  HidIr - ok
16:48:19.0160 2004  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
16:48:19.0191 2004  hidserv - ok
16:48:19.0222 2004  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:48:19.0269 2004  HidUsb - ok
16:48:19.0284 2004  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:48:19.0331 2004  hkmsvc - ok
16:48:19.0347 2004  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:48:19.0378 2004  HomeGroupListener - ok
16:48:19.0394 2004  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:48:19.0440 2004  HomeGroupProvider - ok
16:48:19.0472 2004  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:48:19.0503 2004  HpSAMD - ok
16:48:19.0565 2004  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:48:19.0612 2004  HTTP - ok
16:48:19.0643 2004  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:48:19.0643 2004  hwpolicy - ok
16:48:19.0674 2004  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:48:19.0706 2004  i8042prt - ok
16:48:19.0737 2004  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
16:48:19.0784 2004  iaStorV - ok
16:48:19.0846 2004  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:48:19.0940 2004  idsvc - ok
16:48:19.0971 2004  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:48:20.0002 2004  iirsp - ok
16:48:20.0064 2004  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:48:20.0142 2004  IKEEXT - ok
16:48:20.0158 2004  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:48:20.0158 2004  intelide - ok
16:48:20.0189 2004  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
16:48:20.0220 2004  intelppm - ok
16:48:20.0252 2004  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:48:20.0283 2004  IPBusEnum - ok
16:48:20.0298 2004  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:20.0330 2004  IpFilterDriver - ok
16:48:20.0345 2004  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
16:48:20.0361 2004  IPMIDRV - ok
16:48:20.0376 2004  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
16:48:20.0423 2004  IPNAT - ok
16:48:20.0454 2004  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:48:20.0517 2004  IRENUM - ok
16:48:20.0564 2004  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:48:20.0595 2004  isapnp - ok
16:48:20.0673 2004  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:48:20.0720 2004  iScsiPrt - ok
16:48:20.0751 2004  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:48:20.0766 2004  kbdclass - ok
16:48:20.0829 2004  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:48:20.0876 2004  kbdhid - ok
16:48:20.0907 2004  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:48:20.0922 2004  KeyIso - ok
16:48:20.0954 2004  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:48:21.0016 2004  KSecDD - ok
16:48:21.0078 2004  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
16:48:21.0110 2004  KSecPkg - ok
16:48:21.0141 2004  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:48:21.0188 2004  KtmRm - ok
16:48:21.0219 2004  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:48:21.0250 2004  LanmanServer - ok
16:48:21.0281 2004  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:48:21.0312 2004  LanmanWorkstation - ok
16:48:21.0359 2004  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:48:21.0406 2004  lltdio - ok
16:48:21.0437 2004  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:48:21.0468 2004  lltdsvc - ok
16:48:21.0484 2004  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:48:21.0562 2004  lmhosts - ok
16:48:21.0593 2004  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:48:21.0609 2004  LSI_FC - ok
16:48:21.0640 2004  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:48:21.0656 2004  LSI_SAS - ok
16:48:21.0687 2004  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:48:21.0687 2004  LSI_SAS2 - ok
16:48:21.0718 2004  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:48:21.0734 2004  LSI_SCSI - ok
16:48:21.0749 2004  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
16:48:21.0780 2004  luafv - ok
16:48:21.0796 2004  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:48:21.0812 2004  Mcx2Svc - ok
16:48:21.0843 2004  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\drivers\megasas.sys
16:48:21.0843 2004  megasas - ok
16:48:21.0874 2004  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:48:21.0905 2004  MegaSR - ok
16:48:21.0921 2004  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
16:48:21.0968 2004  MMCSS - ok
16:48:21.0983 2004  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
16:48:22.0030 2004  Modem - ok
16:48:22.0046 2004  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:48:22.0077 2004  monitor - ok
16:48:22.0108 2004  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:48:22.0124 2004  mouclass - ok
16:48:22.0155 2004  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:48:22.0170 2004  mouhid - ok
16:48:22.0202 2004  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:48:22.0217 2004  mountmgr - ok
16:48:22.0233 2004  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:48:22.0233 2004  mpio - ok
16:48:22.0264 2004  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:48:22.0280 2004  mpsdrv - ok
16:48:22.0295 2004  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:48:22.0326 2004  MRxDAV - ok
16:48:22.0358 2004  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:22.0373 2004  mrxsmb - ok
16:48:22.0404 2004  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:22.0451 2004  mrxsmb10 - ok
16:48:22.0467 2004  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:22.0482 2004  mrxsmb20 - ok
16:48:22.0514 2004  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:48:22.0529 2004  msahci - ok
16:48:22.0560 2004  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:48:22.0592 2004  msdsm - ok
16:48:22.0623 2004  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
16:48:22.0685 2004  MSDTC - ok
16:48:22.0716 2004  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:48:22.0748 2004  Msfs - ok
16:48:22.0779 2004  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
16:48:22.0872 2004  mshidkmdf - ok
16:48:22.0888 2004  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:48:22.0888 2004  msisadrv - ok
16:48:22.0950 2004  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:48:23.0028 2004  MSiSCSI - ok
16:48:23.0028 2004  msiserver - ok
16:48:23.0060 2004  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:48:23.0106 2004  MSKSSRV - ok
16:48:23.0247 2004  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:23.0356 2004  MSPCLOCK - ok
16:48:23.0387 2004  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:48:23.0418 2004  MSPQM - ok
16:48:23.0450 2004  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:48:23.0450 2004  MsRPC - ok
16:48:23.0481 2004  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:48:23.0496 2004  mssmbios - ok
16:48:23.0512 2004  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:48:23.0543 2004  MSTEE - ok
16:48:23.0559 2004  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:48:23.0590 2004  MTConfig - ok
16:48:23.0637 2004  [ CBE71C122434805CB73FFB6619F60598 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
16:48:23.0637 2004  MTsensor - ok
16:48:23.0668 2004  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
16:48:23.0668 2004  Mup - ok
16:48:23.0746 2004  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:48:23.0762 2004  napagent - ok
16:48:23.0840 2004  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:48:23.0855 2004  NativeWifiP - ok
16:48:23.0886 2004  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:48:23.0918 2004  NDIS - ok
16:48:23.0964 2004  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:23.0996 2004  NdisCap - ok
16:48:24.0011 2004  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:24.0042 2004  NdisTapi - ok
16:48:24.0136 2004  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:24.0245 2004  Ndisuio - ok
16:48:24.0276 2004  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:24.0354 2004  NdisWan - ok
16:48:24.0401 2004  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:48:24.0464 2004  NDProxy - ok
16:48:24.0510 2004  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:48:24.0557 2004  NetBIOS - ok
16:48:24.0573 2004  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
16:48:24.0604 2004  NetBT - ok
16:48:24.0620 2004  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:48:24.0620 2004  Netlogon - ok
16:48:24.0666 2004  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:48:24.0729 2004  Netman - ok
16:48:24.0776 2004  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:48:24.0807 2004  NetMsmqActivator - ok
16:48:24.0822 2004  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:48:24.0838 2004  NetPipeActivator - ok
16:48:24.0885 2004  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:48:24.0978 2004  netprofm - ok
16:48:25.0010 2004  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:48:25.0010 2004  NetTcpActivator - ok
16:48:25.0025 2004  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:48:25.0041 2004  NetTcpPortSharing - ok
16:48:25.0072 2004  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
16:48:25.0103 2004  nfrd960 - ok
16:48:25.0134 2004  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:48:25.0166 2004  NlaSvc - ok
16:48:25.0181 2004  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:48:25.0212 2004  Npfs - ok
16:48:25.0244 2004  npggsvc - ok
16:48:25.0275 2004  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
16:48:25.0306 2004  nsi - ok
16:48:25.0322 2004  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:48:25.0337 2004  nsiproxy - ok
16:48:25.0415 2004  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:48:25.0462 2004  Ntfs - ok
16:48:25.0493 2004  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:48:25.0540 2004  Null - ok
16:48:25.0540 2004  nvlddmkm - ok
16:48:25.0587 2004  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:48:25.0587 2004  nvraid - ok
16:48:25.0618 2004  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:48:25.0634 2004  nvstor - ok
16:48:25.0649 2004  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:48:25.0665 2004  nv_agp - ok
16:48:25.0680 2004  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:48:25.0696 2004  ohci1394 - ok
16:48:25.0774 2004  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:25.0790 2004  ose - ok
16:48:25.0836 2004  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:48:25.0868 2004  p2pimsvc - ok
16:48:25.0914 2004  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:48:25.0946 2004  p2psvc - ok
16:48:25.0977 2004  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
16:48:26.0008 2004  Parport - ok
16:48:26.0039 2004  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:48:26.0039 2004  partmgr - ok
16:48:26.0070 2004  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:48:26.0086 2004  Parvdm - ok
16:48:26.0117 2004  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:48:26.0133 2004  PcaSvc - ok
16:48:26.0148 2004  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
16:48:26.0164 2004  pci - ok
16:48:26.0180 2004  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:48:26.0195 2004  pciide - ok
16:48:26.0211 2004  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:48:26.0226 2004  pcmcia - ok
16:48:26.0242 2004  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
16:48:26.0258 2004  pcw - ok
16:48:26.0304 2004  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:48:26.0382 2004  PEAUTH - ok
16:48:26.0460 2004  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
16:48:26.0538 2004  pla - ok
16:48:26.0570 2004  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:48:26.0616 2004  PlugPlay - ok
16:48:26.0648 2004  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
16:48:26.0663 2004  PNRPAutoReg - ok
16:48:26.0679 2004  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
16:48:26.0694 2004  PNRPsvc - ok
16:48:26.0726 2004  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:48:26.0757 2004  PolicyAgent - ok
16:48:26.0788 2004  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
16:48:26.0866 2004  Power - ok
16:48:26.0897 2004  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:48:26.0928 2004  PptpMiniport - ok
16:48:26.0960 2004  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\drivers\processr.sys
16:48:26.0975 2004  Processor - ok
16:48:27.0022 2004  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc        C:\Windows\system32\profsvc.dll
16:48:27.0038 2004  ProfSvc - ok
16:48:27.0069 2004  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:48:27.0069 2004  ProtectedStorage - ok
16:48:27.0100 2004  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:48:27.0131 2004  Psched - ok
16:48:27.0178 2004  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:48:27.0225 2004  ql2300 - ok
16:48:27.0256 2004  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:48:27.0256 2004  ql40xx - ok
16:48:27.0287 2004  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
16:48:27.0318 2004  QWAVE - ok
16:48:27.0318 2004  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:48:27.0334 2004  QWAVEdrv - ok
16:48:27.0350 2004  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:48:27.0381 2004  RasAcd - ok
16:48:27.0428 2004  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
16:48:27.0506 2004  RasAgileVpn - ok
16:48:27.0537 2004  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
16:48:27.0630 2004  RasAuto - ok
16:48:27.0662 2004  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:27.0740 2004  Rasl2tp - ok
16:48:27.0771 2004  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:48:27.0802 2004  RasMan - ok
16:48:27.0833 2004  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:27.0849 2004  RasPppoe - ok
16:48:27.0896 2004  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:48:27.0942 2004  RasSstp - ok
16:48:27.0958 2004  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:48:27.0989 2004  rdbss - ok
16:48:28.0005 2004  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:48:28.0020 2004  rdpbus - ok
16:48:28.0036 2004  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:28.0067 2004  RDPCDD - ok
16:48:28.0098 2004  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:48:28.0114 2004  RDPENCDD - ok
16:48:28.0145 2004  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:48:28.0176 2004  RDPREFMP - ok
16:48:28.0192 2004  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:48:28.0223 2004  RDPWD - ok
16:48:28.0270 2004  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:48:28.0301 2004  rdyboost - ok
16:48:28.0317 2004  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:48:28.0348 2004  RemoteAccess - ok
16:48:28.0364 2004  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:48:28.0379 2004  RemoteRegistry - ok
16:48:28.0410 2004  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:48:28.0442 2004  RpcEptMapper - ok
16:48:28.0473 2004  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:48:28.0504 2004  RpcLocator - ok
16:48:28.0582 2004  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
16:48:28.0629 2004  RpcSs - ok
16:48:28.0676 2004  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:48:28.0722 2004  rspndr - ok
16:48:28.0785 2004  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167        C:\Windows\system32\DRIVERS\Rt86win7.sys
16:48:28.0816 2004  RTL8167 - ok
16:48:28.0832 2004  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
16:48:28.0847 2004  SamSs - ok
16:48:28.0878 2004  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:48:28.0894 2004  sbp2port - ok
16:48:28.0910 2004  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:48:28.0956 2004  SCardSvr - ok
16:48:28.0972 2004  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:48:29.0003 2004  scfilter - ok
16:48:29.0066 2004  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:48:29.0175 2004  Schedule - ok
16:48:29.0190 2004  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:48:29.0206 2004  SCPolicySvc - ok
16:48:29.0237 2004  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:48:29.0268 2004  SDRSVC - ok
16:48:29.0300 2004  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:48:29.0346 2004  secdrv - ok
16:48:29.0378 2004  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:48:29.0409 2004  seclogon - ok
16:48:29.0440 2004  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:48:29.0471 2004  SENS - ok
16:48:29.0502 2004  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:48:29.0518 2004  SensrSvc - ok
16:48:29.0549 2004  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
16:48:29.0580 2004  Serenum - ok
16:48:29.0612 2004  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:48:29.0627 2004  Serial - ok
16:48:29.0721 2004  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:48:29.0768 2004  sermouse - ok
16:48:29.0830 2004  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:48:29.0908 2004  SessionEnv - ok
16:48:29.0924 2004  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:48:30.0002 2004  sffdisk - ok
16:48:30.0048 2004  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:48:30.0142 2004  sffp_mmc - ok
16:48:30.0173 2004  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:48:30.0251 2004  sffp_sd - ok
16:48:30.0314 2004  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
16:48:30.0407 2004  sfloppy - ok
16:48:30.0485 2004  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:48:30.0579 2004  ShellHWDetection - ok
16:48:30.0594 2004  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:48:30.0626 2004  sisagp - ok
16:48:30.0688 2004  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:48:30.0766 2004  SiSRaid2 - ok
16:48:30.0782 2004  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:48:30.0797 2004  SiSRaid4 - ok
16:48:31.0842 2004  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:48:31.0967 2004  Skype C2C Service - ok
16:48:32.0123 2004  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
16:48:32.0154 2004  SkypeUpdate - ok
16:48:32.0279 2004  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:48:32.0373 2004  Smb - ok
16:48:32.0498 2004  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:48:32.0560 2004  SNMPTRAP - ok
16:48:32.0576 2004  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
16:48:32.0591 2004  spldr - ok
16:48:32.0732 2004  [ 866A43013535DC8587C258E43579C764 ] Spooler        C:\Windows\System32\spoolsv.exe
16:48:32.0778 2004  Spooler - ok
16:48:33.0590 2004  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:48:33.0730 2004  sppsvc - ok
16:48:33.0824 2004  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
16:48:33.0870 2004  sppuinotify - ok
16:48:33.0980 2004  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:48:34.0104 2004  srv - ok
16:48:34.0229 2004  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:48:34.0323 2004  srv2 - ok
16:48:34.0401 2004  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:48:34.0463 2004  srvnet - ok
16:48:34.0526 2004  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus        C:\Windows\system32\DRIVERS\ssadbus.sys
16:48:34.0697 2004  ssadbus - ok
16:48:34.0838 2004  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:48:34.0931 2004  ssadmdfl - ok
16:48:34.0994 2004  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm        C:\Windows\system32\DRIVERS\ssadmdm.sys
16:48:35.0056 2004  ssadmdm - ok
16:48:35.0087 2004  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:48:35.0118 2004  SSDPSRV - ok
16:48:35.0196 2004  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:48:35.0228 2004  ssmdrv - ok
16:48:35.0290 2004  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:48:35.0384 2004  SstpSvc - ok
16:48:35.0540 2004  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
16:48:35.0555 2004  StarOpen ( UnsignedFile.Multi.Generic ) - warning
16:48:35.0555 2004  StarOpen - detected UnsignedFile.Multi.Generic (1)
16:48:35.0633 2004  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:48:35.0680 2004  stexstor - ok
16:48:35.0742 2004  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
16:48:35.0774 2004  StillCam - ok
16:48:35.0820 2004  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:48:35.0867 2004  StiSvc - ok
16:48:35.0898 2004  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:48:35.0898 2004  swenum - ok
16:48:35.0992 2004  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
16:48:36.0101 2004  swprv - ok
16:48:36.0366 2004  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
16:48:36.0413 2004  SysMain - ok
16:48:36.0444 2004  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:48:36.0522 2004  TabletInputService - ok
16:48:36.0600 2004  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:48:36.0710 2004  TapiSrv - ok
16:48:36.0788 2004  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
16:48:36.0850 2004  TBS - ok
16:48:37.0022 2004  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:48:37.0115 2004  Tcpip - ok
16:48:37.0334 2004  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:48:37.0380 2004  TCPIP6 - ok
16:48:37.0412 2004  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:48:37.0458 2004  tcpipreg - ok
16:48:37.0490 2004  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:48:37.0521 2004  TDPIPE - ok
16:48:37.0552 2004  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:48:37.0599 2004  TDTCP - ok
16:48:37.0630 2004  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:48:37.0646 2004  tdx - ok
16:48:37.0661 2004  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:48:37.0677 2004  TermDD - ok
16:48:37.0770 2004  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
16:48:37.0817 2004  TermService - ok
16:48:37.0848 2004  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:48:37.0895 2004  Themes - ok
16:48:37.0911 2004  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
16:48:37.0926 2004  THREADORDER - ok
16:48:37.0958 2004  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:48:37.0989 2004  TrkWks - ok
16:48:38.0020 2004  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:48:38.0082 2004  TrustedInstaller - ok
16:48:38.0098 2004  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:38.0129 2004  tssecsrv - ok
16:48:38.0145 2004  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:48:38.0176 2004  TsUsbFlt - ok
16:48:38.0192 2004  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
16:48:38.0223 2004  TsUsbGD - ok
16:48:38.0254 2004  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:48:38.0285 2004  tunnel - ok
16:48:38.0301 2004  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:48:38.0316 2004  uagp35 - ok
16:48:38.0363 2004  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:48:38.0394 2004  udfs - ok
16:48:38.0426 2004  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:48:38.0457 2004  UI0Detect - ok
16:48:38.0488 2004  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:48:38.0504 2004  uliagpkx - ok
16:48:38.0519 2004  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
16:48:38.0550 2004  umbus - ok
16:48:38.0566 2004  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:48:38.0613 2004  UmPass - ok
16:48:38.0644 2004  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:48:38.0691 2004  upnphost - ok
16:48:38.0722 2004  [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
16:48:38.0738 2004  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
16:48:38.0738 2004  USBAAPL - detected UnsignedFile.Multi.Generic (1)
16:48:38.0769 2004  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:48:38.0784 2004  usbccgp - ok
16:48:38.0816 2004  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:48:38.0831 2004  usbcir - ok
16:48:38.0940 2004  [ 8FB30C23E3C2143C7CA31AF874EDCE3B ] USBDLM          C:\Tools\USBDLM\USBDLM.exe
16:48:38.0940 2004  USBDLM ( UnsignedFile.Multi.Generic ) - warning
16:48:38.0940 2004  USBDLM - detected UnsignedFile.Multi.Generic (1)
16:48:38.0972 2004  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
16:48:39.0003 2004  usbehci - ok
16:48:39.0081 2004  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:48:39.0096 2004  usbhub - ok
16:48:39.0128 2004  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
16:48:39.0143 2004  usbohci - ok
16:48:39.0190 2004  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:48:39.0206 2004  usbprint - ok
16:48:39.0252 2004  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
16:48:39.0284 2004  usbscan - ok
16:48:39.0299 2004  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:48:39.0346 2004  USBSTOR - ok
16:48:39.0362 2004  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
16:48:39.0393 2004  usbuhci - ok
16:48:39.0424 2004  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
16:48:39.0455 2004  UxSms - ok
16:48:39.0471 2004  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:48:39.0486 2004  VaultSvc - ok
16:48:39.0518 2004  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:48:39.0533 2004  vdrvroot - ok
16:48:39.0564 2004  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
16:48:39.0627 2004  vds - ok
16:48:39.0658 2004  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:48:39.0689 2004  vga - ok
16:48:39.0705 2004  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:48:39.0720 2004  VgaSave - ok
16:48:39.0752 2004  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
16:48:39.0767 2004  vhdmp - ok
16:48:39.0783 2004  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:48:39.0798 2004  viaagp - ok
16:48:39.0814 2004  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
16:48:39.0830 2004  ViaC7 - ok
16:48:39.0892 2004  [ B9ECF6756858C8FED4FE68E966BF2F5F ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
16:48:39.0939 2004  VIAHdAudAddService - ok
16:48:39.0954 2004  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:48:39.0970 2004  viaide - ok
16:48:39.0986 2004  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:48:39.0986 2004  volmgr - ok
16:48:40.0032 2004  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:48:40.0048 2004  volmgrx - ok
16:48:40.0064 2004  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:48:40.0079 2004  volsnap - ok
16:48:40.0110 2004  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
16:48:40.0126 2004  vsmraid - ok
16:48:40.0173 2004  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
16:48:40.0235 2004  VSS - ok
16:48:40.0266 2004  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:48:40.0298 2004  vwifibus - ok
16:48:40.0329 2004  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
16:48:40.0386 2004  W32Time - ok
16:48:40.0416 2004  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:48:40.0436 2004  WacomPen - ok
16:48:40.0456 2004  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:48:40.0486 2004  WANARP - ok
16:48:40.0506 2004  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:48:40.0516 2004  Wanarpv6 - ok
16:48:40.0616 2004  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
16:48:40.0686 2004  WatAdminSvc - ok
16:48:40.0736 2004  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:48:40.0796 2004  wbengine - ok
16:48:40.0826 2004  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:48:40.0846 2004  WbioSrvc - ok
16:48:40.0876 2004  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:48:40.0896 2004  wcncsvc - ok
16:48:40.0916 2004  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:48:40.0986 2004  WcsPlugInService - ok
16:48:41.0056 2004  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
16:48:41.0076 2004  Wd - ok
16:48:41.0196 2004  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:48:41.0256 2004  Wdf01000 - ok
16:48:41.0296 2004  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:48:41.0593 2004  WdiServiceHost - ok
16:48:41.0624 2004  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:48:41.0640 2004  WdiSystemHost - ok
16:48:41.0687 2004  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
16:48:41.0734 2004  WebClient - ok
16:48:41.0765 2004  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:48:41.0800 2004  Wecsvc - ok
16:48:41.0820 2004  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:48:41.0850 2004  wercplsupport - ok
16:48:41.0910 2004  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:48:41.0930 2004  WerSvc - ok
16:48:42.0015 2004  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:48:42.0040 2004  WfpLwf - ok
16:48:42.0055 2004  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:48:42.0065 2004  WIMMount - ok
16:48:42.0080 2004  WinHttpAutoProxySvc - ok
16:48:42.0133 2004  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:48:42.0155 2004  Winmgmt - ok
16:48:42.0205 2004  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
16:48:42.0273 2004  WinRM - ok
16:48:42.0338 2004  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:48:42.0360 2004  WinUsb - ok
16:48:42.0407 2004  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:48:42.0456 2004  Wlansvc - ok
16:48:42.0587 2004  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:48:42.0689 2004  wlidsvc - ok
16:48:42.0708 2004  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
16:48:42.0716 2004  WmiAcpi - ok
16:48:42.0741 2004  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:48:42.0766 2004  wmiApSrv - ok
16:48:42.0830 2004  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
16:48:42.0911 2004  WMPNetworkSvc - ok
16:48:42.0925 2004  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:48:42.0954 2004  WPCSvc - ok
16:48:42.0968 2004  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:48:43.0010 2004  WPDBusEnum - ok
16:48:43.0029 2004  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:48:43.0060 2004  ws2ifsl - ok
16:48:43.0064 2004  WSearch - ok
16:48:43.0079 2004  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:48:43.0107 2004  WudfPf - ok
16:48:43.0135 2004  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:48:43.0172 2004  WUDFRd - ok
16:48:43.0203 2004  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:48:43.0224 2004  wudfsvc - ok
16:48:43.0252 2004  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
16:48:43.0276 2004  WwanSvc - ok
16:48:43.0328 2004  [ A640C90B007762939507C28A021BE3B3 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
16:48:43.0360 2004  xusb21 - ok
16:48:43.0370 2004  ================ Scan global ===============================
16:48:43.0399 2004  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:48:43.0426 2004  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:48:43.0442 2004  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:48:43.0468 2004  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:48:43.0489 2004  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:48:43.0491 2004  [Global] - ok
16:48:43.0492 2004  ================ Scan MBR ==================================
16:48:43.0507 2004  [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
16:48:43.0640 2004  \Device\Harddisk0\DR0 - ok
16:48:43.0641 2004  ================ Scan VBR ==================================
16:48:43.0670 2004  [ DFFFCCDFAE6B027595EAC62ED1818C27 ] \Device\Harddisk0\DR0\Partition1
16:48:43.0673 2004  \Device\Harddisk0\DR0\Partition1 - ok
16:48:43.0682 2004  [ A2E0F132819EB966B4A1533FB3932ED6 ] \Device\Harddisk0\DR0\Partition2
16:48:43.0687 2004  \Device\Harddisk0\DR0\Partition2 - ok
16:48:43.0705 2004  [ 4BBDD681CA80E03C15623D114AF42DB9 ] \Device\Harddisk0\DR0\Partition3
16:48:43.0708 2004  \Device\Harddisk0\DR0\Partition3 - ok
16:48:43.0711 2004  ============================================================
16:48:43.0711 2004  Scan finished
16:48:43.0711 2004  ============================================================
16:48:43.0728 1856  Detected object count: 5
16:48:43.0728 1856  Actual detected object count: 5
16:48:58.0456 1856  avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:58.0456 1856  avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:58.0460 1856  dtsoftbus01 ( Virus.Win32.ZAccess.k ) - skipped by user
16:48:58.0460 1856  dtsoftbus01 ( Virus.Win32.ZAccess.k ) - User select action: Skip
16:48:58.0462 1856  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:58.0463 1856  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:58.0464 1856  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:58.0464 1856  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:58.0467 1856  USBDLM ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:58.0467 1856  USBDLM ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 06.09.2012 10:09
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

wecker23 10.09.2012 18:45
Hallo,
vielen dank erstmal für deine Bemühungen.
Ich habe allerdings ein Problem mit CF.
Es werden zwar alle Dateien entpackt, aber dann passiert einfach nichts mehr.
Manchmal erscheint für vielleicht eine halbe Sekunde eine blaue Konsole, bevor sich das Programm beendet.
Avira habe ich deaktiviert, ich habe es auch im abgesicherten Modus versucht.
Leider ohne Erfolg.

cosinus 10.09.2012 20:57
Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

wecker23 11.09.2012 20:03
Das habe ich versucht, aber leider ohne Erfolg.


Jetzt hat es plötzlich doch geklappt.
Code:
ComboFix 12-09-11.01 - *** 11.09.2012  21:15:27.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.2639 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\firefox.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\ComboFix.exe
c:\windows\$NtUninstallKB64217$
c:\windows\$NtUninstallKB64217$\1119429859
c:\windows\$NtUninstallKB64217$\1673304421\@
c:\windows\$NtUninstallKB64217$\1673304421\Desktop.ini
c:\windows\$NtUninstallKB64217$\1673304421\L\00000004.@
c:\windows\$NtUninstallKB64217$\1673304421\L\1afb2d56
c:\windows\$NtUninstallKB64217$\1673304421\L\201d3dde
c:\windows\$NtUninstallKB64217$\1673304421\L\xadqgnnk
c:\windows\$NtUninstallKB64217$\1673304421\U\00000004.@
c:\windows\$NtUninstallKB64217$\1673304421\U\00000008.@
c:\windows\$NtUninstallKB64217$\1673304421\U\000000cb.@
c:\windows\$NtUninstallKB64217$\1673304421\U\80000000.@
c:\windows\$NtUninstallKB64217$\1673304421\U\80000032.@
c:\windows\system32\muzapp.exe
c:\windows\system32\roboot.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
Infizierte Kopie von c:\windows\system32\drivers\dtsoftbus01.sys wurde gefunden und desinfiziert
Kopie von - The cat found it :) wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-11 bis 2012-09-11  ))))))))))))))))))))))))))))))
.
.
2012-09-11 11:07 . 2012-09-11 11:07        --------        d-----w-        C:\hgjzftrjzfgji
2012-09-04 19:48 . 2012-09-04 19:48        --------        d-----w-        C:\_OTL
2012-08-20 17:56 . 2012-08-20 17:57        --------        d-----r-        c:\program files\Skype
2012-08-20 17:56 . 2012-08-20 17:56        --------        d-----w-        c:\program files\Common Files\Skype
2012-08-19 19:44 . 2011-05-30 13:42        240640        ----a-w-        c:\windows\system32\xvidvfw.dll
2012-08-19 19:44 . 2011-05-23 09:52        153088        ----a-w-        c:\windows\system32\xvid.ax
2012-08-19 19:44 . 2011-05-23 07:46        645632        ----a-w-        c:\windows\system32\xvidcore.dll
2012-08-15 12:44 . 2012-08-15 12:44        --------        d-----w-        c:\program files\EarMaster School 5
2012-08-15 12:44 . 2012-08-15 12:44        --------        d-----w-        c:\programdata\EarMaster
2012-08-13 11:35 . 2012-08-13 11:35        5115584        ----a-w-        c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:06 . 2012-07-17 12:57        772544        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-07-05 20:06 . 2011-10-16 14:02        687544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-03 11:46 . 2012-08-12 14:03        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-14 00:15 . 2012-08-02 19:04        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 1713152]
"AutoRunnerU"="c:\program files\AutoRunnerU\arusrv.exe" [2011-06-05 215040]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2011-01-10 08:20        319488        ----a-w-        c:\program files\Gameforge4D\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55        937920        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55        35736        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20        1305408        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2011-02-23 20:19        371200        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-01-04 06:07        937872        ----a-w-        c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-01-04 06:07        21392        ----a-w-        c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-01-04 06:07        3508624        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07        252296        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 USBDLM;USBDLM;c:\tools\USBDLM\USBDLM.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wmf5gtdt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Google Update - c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-RSShutdown - c:\program files\RichiStudios\Shutdown\Autostart.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3136)
c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\tools\USBDLM\USBDLM_usr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-11  21:29:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-11 19:29
.
Vor Suchlauf: 25 Verzeichnis(se), 47.874.273.280 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 47.549.915.136 Bytes frei
.
- - End Of File - - A8499F2B723CBE3C7F5622C73B550567

cosinus 11.09.2012 23:31
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Folder::
C:\hgjzftrjzfgji
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

wecker23 12.09.2012 06:30
Code:
ComboFix 12-09-11.02 - *** 12.09.2012  7:21.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3326.2444 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\firefox.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\hgjzftrjzfgji
c:\hgjzftrjzfgji\023.dat
c:\hgjzftrjzfgji\023v.dat
c:\hgjzftrjzfgji\023w7.dat
c:\hgjzftrjzfgji\ActiveDrv.vbs
c:\hgjzftrjzfgji\AppDataFile.cfx
c:\hgjzftrjzfgji\AppDataFolder.cfx
c:\hgjzftrjzfgji\appinit.bad
c:\hgjzftrjzfgji\asp.str
c:\hgjzftrjzfgji\Assoc.cmd
c:\hgjzftrjzfgji\ATTRIB.3XE
c:\hgjzftrjzfgji\Auto-RC.cmd
c:\hgjzftrjzfgji\av.cmd
c:\hgjzftrjzfgji\av.vbs
c:\hgjzftrjzfgji\AWF.cmd
c:\hgjzftrjzfgji\badclsid.c
c:\hgjzftrjzfgji\BFE.dat
c:\hgjzftrjzfgji\Boot-Rk.cmd
c:\hgjzftrjzfgji\Boot.bat
c:\hgjzftrjzfgji\BootDrv.vbs
c:\hgjzftrjzfgji\c.bat
c:\hgjzftrjzfgji\Catch-sub.cmd
c:\hgjzftrjzfgji\catchme.3XE
c:\hgjzftrjzfgji\CF-Script.cmd
c:\hgjzftrjzfgji\CF25745.3XE
c:\hgjzftrjzfgji\CHCP.bat
c:\hgjzftrjzfgji\clsid.c
c:\hgjzftrjzfgji\cmd.3XE
c:\hgjzftrjzfgji\Combobatch.bat
c:\hgjzftrjzfgji\ComboFix-Download.3XE
c:\hgjzftrjzfgji\Create.cmd
c:\hgjzftrjzfgji\Creg.dat
c:\hgjzftrjzfgji\CregC.cmd
c:\hgjzftrjzfgji\CregC.dat
c:\hgjzftrjzfgji\CSCRIPT.3XE
c:\hgjzftrjzfgji\dd.3XE
c:\hgjzftrjzfgji\ddsDo.sed
c:\hgjzftrjzfgji\de-DE\ATTRIB.3XE.mui
c:\hgjzftrjzfgji\de-DE\CF25745.3XE.mui
c:\hgjzftrjzfgji\de-DE\cmd.3XE.mui
c:\hgjzftrjzfgji\de-DE\CSCRIPT.3XE.mui
c:\hgjzftrjzfgji\de-DE\PING.3XE.mui
c:\hgjzftrjzfgji\de-DE\REGT.3XE.mui
c:\hgjzftrjzfgji\de-DE\ROUTE.3XE.mui
c:\hgjzftrjzfgji\DelClsid.bat
c:\hgjzftrjzfgji\DelClsid64.bat
c:\hgjzftrjzfgji\desktop.ini
c:\hgjzftrjzfgji\DesktopFile.cfx
c:\hgjzftrjzfgji\DisclaimED.dat
c:\hgjzftrjzfgji\DPF.str
c:\hgjzftrjzfgji\DrvRun.vbs
c:\hgjzftrjzfgji\dumphive.3XE
c:\hgjzftrjzfgji\embedded.sed
c:\hgjzftrjzfgji\en-US\iexplore.exe
c:\hgjzftrjzfgji\ERDNT.e_e
c:\hgjzftrjzfgji\ERDNTDOS.LOC
c:\hgjzftrjzfgji\ERDNTWIN.LOC
c:\hgjzftrjzfgji\ERUNT.3XE
c:\hgjzftrjzfgji\ERUNT.LOC
c:\hgjzftrjzfgji\Exe.reg
c:\hgjzftrjzfgji\extract.3XE
c:\hgjzftrjzfgji\FavoriteFolder.cfx
c:\hgjzftrjzfgji\FavoritesFile.cfx
c:\hgjzftrjzfgji\FD-SV.cmd
c:\hgjzftrjzfgji\ffdefstr.dll
c:\hgjzftrjzfgji\FileKill.3XE
c:\hgjzftrjzfgji\files.pif
c:\hgjzftrjzfgji\Fin.dat
c:\hgjzftrjzfgji\FIND3M.bat
c:\hgjzftrjzfgji\FIXLSP.bat
c:\hgjzftrjzfgji\FKMGen.cmd
c:\hgjzftrjzfgji\GetHive.cmd
c:\hgjzftrjzfgji\grep.3XE
c:\hgjzftrjzfgji\gsar.3XE
c:\hgjzftrjzfgji\handle.3XE
c:\hgjzftrjzfgji\hidec.3XE
c:\hgjzftrjzfgji\history.bat
c:\hgjzftrjzfgji\hwid.pif
c:\hgjzftrjzfgji\iexplore.exe
c:\hgjzftrjzfgji\image001.gif
c:\hgjzftrjzfgji\Imefile.dat
c:\hgjzftrjzfgji\Install-RC.cmd
c:\hgjzftrjzfgji\katch.cmd
c:\hgjzftrjzfgji\Kill-All.cmd
c:\hgjzftrjzfgji\KNetSvcs.vbs
c:\hgjzftrjzfgji\Lang.bat
c:\hgjzftrjzfgji\List-B.bat
c:\hgjzftrjzfgji\List-C.bat
c:\hgjzftrjzfgji\List-D.bat
c:\hgjzftrjzfgji\List.bat
c:\hgjzftrjzfgji\lnkread.vbs
c:\hgjzftrjzfgji\LocalAppDataFile.cfx
c:\hgjzftrjzfgji\LocalAppDataFolder.cfx
c:\hgjzftrjzfgji\LocalService.dat
c:\hgjzftrjzfgji\LocalServiceNetworkRestricted.dat
c:\hgjzftrjzfgji\LocalSettingsFile.cfx
c:\hgjzftrjzfgji\LocalSystemNetworkRestricted.dat
c:\hgjzftrjzfgji\mbr.3XE
c:\hgjzftrjzfgji\mbr.chk
c:\hgjzftrjzfgji\md5sum.pif
c:\hgjzftrjzfgji\MDWht.dat
c:\hgjzftrjzfgji\MoveIt.bat
c:\hgjzftrjzfgji\MpsSvc.dat
c:\hgjzftrjzfgji\mtee.3XE
c:\hgjzftrjzfgji\MUI
c:\hgjzftrjzfgji\mynul.dat
c:\hgjzftrjzfgji\ncmd.com
c:\hgjzftrjzfgji\ND_.bat
c:\hgjzftrjzfgji\ND_64.bat
c:\hgjzftrjzfgji\ndis_combofix.dat
c:\hgjzftrjzfgji\netsvc.bad.dat
c:\hgjzftrjzfgji\netsvc.dat
c:\hgjzftrjzfgji\netsvc.vista.dat
c:\hgjzftrjzfgji\netsvc.xp.dat
c:\hgjzftrjzfgji\NetworkService.dat
c:\hgjzftrjzfgji\NirCmd.3XE
c:\hgjzftrjzfgji\NircmdB.exe
c:\hgjzftrjzfgji\NirCmdC.3XE
c:\hgjzftrjzfgji\NIRKMD.3XE
c:\hgjzftrjzfgji\NlsLanguageDefault
c:\hgjzftrjzfgji\NT-OS.cmd
c:\hgjzftrjzfgji\OSid.vbs
c:\hgjzftrjzfgji\P.cmd
c:\hgjzftrjzfgji\pausep.3XE
c:\hgjzftrjzfgji\PersonalFile.cfx
c:\hgjzftrjzfgji\PersonalFolder.cfx
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-12 bis 2012-09-12  ))))))))))))))))))))))))))))))
.
.
2012-09-12 05:27 . 2012-09-12 05:27        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-09-12 05:27 . 2012-09-12 05:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-11 20:10 . 2012-09-11 20:10        713784        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69A0FCD-1E7B-495E-A98F-1E0B575877ED}\gapaengine.dll
2012-09-11 20:10 . 2012-08-22 22:15        7022536        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A046A6F4-A608-47CD-B4B1-16CDC3BACAF1}\mpengine.dll
2012-09-11 20:08 . 2012-09-11 20:09        --------        d-----w-        c:\program files\Microsoft Security Client
2012-09-11 19:13 . 2011-04-16 14:56        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-11 19:09 . 2012-09-11 19:29        --------        d-----w-        C:\firefox
2012-09-11 11:29 . 2012-09-11 11:29        --------        d-----w-        C:\hgjzftrjzfgji25138h
2012-09-11 11:26 . 2012-09-11 11:26        --------        d-----w-        C:\hgjzftrjzfgji19620h
2012-09-04 19:48 . 2012-09-04 19:48        --------        d-----w-        C:\_OTL
2012-08-20 17:56 . 2012-08-20 17:57        --------        d-----r-        c:\program files\Skype
2012-08-20 17:56 . 2012-08-20 17:56        --------        d-----w-        c:\program files\Common Files\Skype
2012-08-19 19:44 . 2011-05-30 13:42        240640        ----a-w-        c:\windows\system32\xvidvfw.dll
2012-08-19 19:44 . 2011-05-23 09:52        153088        ----a-w-        c:\windows\system32\xvid.ax
2012-08-19 19:44 . 2011-05-23 07:46        645632        ----a-w-        c:\windows\system32\xvidcore.dll
2012-08-15 12:44 . 2012-08-15 12:44        --------        d-----w-        c:\program files\EarMaster School 5
2012-08-15 12:44 . 2012-08-15 12:44        --------        d-----w-        c:\programdata\EarMaster
2012-08-13 11:35 . 2012-08-13 11:35        5115584        ----a-w-        c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:06 . 2012-07-17 12:57        772544        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-07-05 20:06 . 2011-10-16 14:02        687544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-03 11:46 . 2012-08-12 14:03        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-14 00:15 . 2012-08-02 19:04        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 1713152]
"AutoRunnerU"="c:\program files\AutoRunnerU\arusrv.exe" [2011-06-05 215040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2011-01-10 08:20        319488        ----a-w-        c:\program files\Gameforge4D\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55        937920        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55        35736        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20        1305408        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2011-02-23 20:19        371200        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-01-04 06:07        937872        ----a-w-        c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-01-04 06:07        21392        ----a-w-        c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-01-04 06:07        3508624        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07        252296        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 USBDLM;USBDLM;c:\tools\USBDLM\USBDLM.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\wmf5gtdt.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-12  07:28:16
ComboFix-quarantined-files.txt  2012-09-12 05:28
ComboFix2.txt  2012-09-11 19:29
.
Vor Suchlauf: 32 Verzeichnis(se), 48.332.365.824 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 47.906.238.464 Bytes frei
.
- - End Of File - - 826AD014A2713D3EF1B41C8D528685D2

cosinus 12.09.2012 13:10
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

wecker23 12.09.2012 19:47
GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 20:23:00
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 MAXTOR_STM3160215AS rev.4.AAB
Running: umt8ifm2.exe; Driver: C:\Users\***\AppData\Local\Temp\fgloipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                            82C593C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C92D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x93A29000, 0x2D5378, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\AutoRunnerU\arusrv.exe[2120] @ C:\Windows\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress]      [7585FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\AutoRunnerU\arusrv.exe[2120] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]        [7585FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\AutoRunnerU\arusrv.exe[2120] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]        [7585FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\AutoRunnerU\arusrv.exe[2120] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]      [7585FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\AutoRunnerU\arusrv.exe[2120] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]      [7585FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\AutoRunnerU\arusrv.exe[2120] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]      [7585FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x6A 0x9C 0xD6 0x61 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0xB1 0xCD 0x45 0x5A ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xF8 0x31 0x0F 0xA9 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:31:51 on 12.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ALSysIO" (ALSysIO) - ? - C:\Users\***\AppData\Local\Temp\ALSysIO.sys  (File not found)
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys  (File not found)
"fgloipob" (fgloipob) - ? - C:\Users\***\AppData\Local\Temp\fgloipob.sys  (Hidden registry entry, rootkit activity | File not found)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl  (File not found)
{4380C993-0C43-4E02-9A7A-0D40B6EA7590} "DefragglerShellExtension Class" - "Piriform Ltd" - C:\Program Files\Defraggler\DefragglerShell.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI8079~1\shellext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "Free Download Manager" - ? - C:\Program Files\Free Download Manager\iefdm2.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Program Files\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AutoRunnerU" - "Bernhard Fomm, Munich" - C:\Program Files\AutoRunnerU\arusrv.exe /run
"HDAudDeck" - "VIA" - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Discovery Port Monitor (HP Officejet 6500 E710n-z)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM5412.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"USBDLM" (USBDLM) - "Uwe Sieber - www.uwe-sieber.de" - C:\Tools\USBDLM\USBDLM.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 21:01:27
-----------------------------
21:01:27.663    OS Version: Windows 6.1.7601 Service Pack 1
21:01:27.663    Number of processors: 2 586 0x603
21:01:27.663    ComputerName: ***-PC  UserName: ***
21:01:29.160    Initialize success
21:01:40.626    AVAST engine defs: 12091200
21:02:58.829    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:02:58.845    Disk 0 Vendor: MAXTOR_STM3160215AS 4.AAB Size: 152627MB BusType: 3
21:02:58.860    Disk 0 MBR read successfully
21:02:58.860    Disk 0 MBR scan
21:02:58.860    Disk 0 unknown MBR code
21:02:58.876    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 83968
21:02:58.892    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        40000 MB offset 288768
21:02:58.907    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        90920 MB offset 82208768
21:02:58.923    Disk 0 Partition - 00    05    Extended            21565 MB offset 268414974
21:02:58.954    Disk 0 Partition 4 00    82  Linux swap              3207 MB offset 306012160
21:02:58.970    Disk 0 Partition - 00    05    Extended            18358 MB offset 268414975
21:02:59.001    Disk 0 scanning sectors +312580096
21:02:59.079    Disk 0 scanning C:\Windows\system32\drivers
21:03:10.498    Service scanning
21:03:54.958    Modules scanning
21:04:08.187    Disk 0 trace - called modules:
21:04:08.218    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:04:08.234    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86318ac8]
21:04:08.249    3 CLASSPNP.SYS[8bd8259e] -> nt!IofCallDriver -> [0x8625b918]
21:04:08.249    5 ACPI.sys[8b8143d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86313030]
21:04:08.265    Scan finished successfully
21:06:35.014    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
21:06:35.030    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

cosinus 13.09.2012 12:23
Code:
21:02:58.860    Disk 0 unknown MBR code
21:02:58.876    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 83968
21:02:58.892    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        40000 MB offset 288768
21:02:58.907    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        90920 MB offset 82208768
21:02:58.923    Disk 0 Partition - 00    05    Extended            21565 MB offset 268414974
21:02:58.954    Disk 0 Partition 4 00    82  Linux swap              3207 MB offset 306012160
21:02:58.970    Disk 0 Partition - 00    05    Extended            18358 MB offset 268414975
Du hast offensichtlich eine Dualboot-Umgebung mit Windows und Linux. Ist das korrekt und dir auch bewusst?

wecker23 13.09.2012 15:26
Ja, ich habe Windows und Ubuntu auf meinem Rechner am laufen.

cosinus 13.09.2012 21:42
Dann lassen wir den MBR wohl mal besser in Ruhe oder :D

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

wecker23 14.09.2012 16:03
Malwarebytes Anti-Malware:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.14.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

14.09.2012 13:40:53
mbam-log-2012-09-14 (15-58-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354673
Laufzeit: 2 Stunde(n), 17 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dtsoftbus01.sys.vir (Trojan.Agent.MRGGen) -> Keine Aktion durchgeführt.

(Ende)
SUPERAntiSpyware Scan:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/14/2012 at 04:52 PM

Application Version : 5.5.1016

Core Rules Database Version : 9228
Trace Rules Database Version: 7040

Scan type      : Complete Scan
Total Scan Time : 00:45:53

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 490
Memory threats detected  : 0
Registry items scanned    : 34834
Registry threats detected : 0
File items scanned        : 52269
File threats detected    : 43

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4O7L1H00.txt [ /mediaplex.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PUR9TJTJ.txt [ /zanox.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9GLAR0N6.txt [ /www.active-tracking.de ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FBT1HJ50.txt [ /atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BJYJ45KT.txt [ /imrworldwide.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WQV9GM2D.txt [ /track.adform.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\945BU98S.txt [ /fastclick.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\GA6XECIL.txt [ /apmebf.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\E8B26U8D.txt [ /c.atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HR6N3ASX.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Y95HGUMN.txt [ /ad.zanox.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\A62DVQCC.txt [ /adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\C3BO3M5R.txt [ /adform.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\3A6E94RS.txt [ /doubleclick.net ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDLDJCY0.txt [ Cookie:***@www.otrkeyfinder.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\I975KX1M.txt [ Cookie:***@ad.yieldmanager.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\L6SY41DY.txt [ Cookie:***@www.active-tracking.de/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\JSIVL0TX.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\1Y06SKX2.txt [ Cookie:***@smartadserver.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\J3COT6XZ.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\0YG782DS.txt [ Cookie:***@tradedoubler.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJUV0RKE.txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\8T9AELZR.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\WYOFHE1P.txt [ Cookie:***@ad.dyntracker.de/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\29R2PZFR.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2UGYGHY.txt [ Cookie:***@ad.zanox.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\EQTCAB3K.txt [ Cookie:***@zanox-affiliate.de/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z4ISV1L9.txt [ Cookie:***@doubleclick.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJRKHK3V.txt [ Cookie:***@www.zanox-affiliate.de/ ]
        C:\USERS\***\Cookies\4O7L1H00.txt [ Cookie:***@mediaplex.com/ ]
        C:\USERS\***\Cookies\9GLAR0N6.txt [ Cookie:***@www.active-tracking.de/ ]
        C:\USERS\***\Cookies\FBT1HJ50.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\Cookies\BJYJ45KT.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
        C:\USERS\***\Cookies\WQV9GM2D.txt [ Cookie:***@track.adform.net/ ]
        C:\USERS\***\Cookies\945BU98S.txt [ Cookie:***@fastclick.net/ ]
        C:\USERS\***\Cookies\GA6XECIL.txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\Cookies\E8B26U8D.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\Cookies\HR6N3ASX.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\Y95HGUMN.txt [ Cookie:***@ad.zanox.com/ ]
        C:\USERS\***\Cookies\A62DVQCC.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\C3BO3M5R.txt [ Cookie:***@adform.net/ ]
        C:\USERS\***\Cookies\3A6E94RS.txt [ Cookie:***@doubleclick.net/ ]
        delivery.ibanner.de [ C:\_OTL\MOVEDFILES\09042012_214852\C_WINDOWS\$NTUNINSTALLKB64217$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DB6RZQ75 ]

cosinus 14.09.2012 20:13
Code:
UAC On - Limited User
Wie hast du sasw gestartet? Einfach per Doppelklick?

wecker23 14.09.2012 21:09
Ja, soll ich es als Admin starten?

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/15/2012 at 12:54 PM

Application Version : 5.5.1016

Core Rules Database Version : 9234
Trace Rules Database Version: 7046

Scan type      : Complete Scan
Total Scan Time : 00:48:42

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 552
Memory threats detected  : 0
Registry items scanned    : 34934
Registry threats detected : 0
File items scanned        : 56395
File threats detected    : 44

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4O7L1H00.txt [ /mediaplex.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PUR9TJTJ.txt [ /zanox.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9GLAR0N6.txt [ /www.active-tracking.de ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\FBT1HJ50.txt [ /atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BJYJ45KT.txt [ /imrworldwide.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WQV9GM2D.txt [ /track.adform.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\945BU98S.txt [ /fastclick.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\GA6XECIL.txt [ /apmebf.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\E8B26U8D.txt [ /c.atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HR6N3ASX.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Y95HGUMN.txt [ /ad.zanox.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\A62DVQCC.txt [ /adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\C3BO3M5R.txt [ /adform.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\3A6E94RS.txt [ /doubleclick.net ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDLDJCY0.txt [ Cookie:***@www.otrkeyfinder.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\I975KX1M.txt [ Cookie:***@ad.yieldmanager.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\L6SY41DY.txt [ Cookie:***@www.active-tracking.de/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\JSIVL0TX.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\1Y06SKX2.txt [ Cookie:***@smartadserver.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\J3COT6XZ.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\0YG782DS.txt [ Cookie:***@tradedoubler.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJUV0RKE.txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\8T9AELZR.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\WYOFHE1P.txt [ Cookie:***@ad.dyntracker.de/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\29R2PZFR.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2UGYGHY.txt [ Cookie:***@ad.zanox.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\EQTCAB3K.txt [ Cookie:***@zanox-affiliate.de/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z4ISV1L9.txt [ Cookie:***@doubleclick.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJRKHK3V.txt [ Cookie:***@www.zanox-affiliate.de/ ]
        C:\USERS\***\Cookies\4O7L1H00.txt [ Cookie:***@mediaplex.com/ ]
        C:\USERS\***\Cookies\9GLAR0N6.txt [ Cookie:***@www.active-tracking.de/ ]
        C:\USERS\***\Cookies\FBT1HJ50.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\Cookies\BJYJ45KT.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
        C:\USERS\***\Cookies\WQV9GM2D.txt [ Cookie:***@track.adform.net/ ]
        C:\USERS\***\Cookies\945BU98S.txt [ Cookie:***@fastclick.net/ ]
        C:\USERS\***\Cookies\GA6XECIL.txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\Cookies\E8B26U8D.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\Cookies\HR6N3ASX.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\Y95HGUMN.txt [ Cookie:***@ad.zanox.com/ ]
        C:\USERS\***\Cookies\A62DVQCC.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\C3BO3M5R.txt [ Cookie:***@adform.net/ ]
        C:\USERS\***\Cookies\3A6E94RS.txt [ Cookie:***@doubleclick.net/ ]
        delivery.ibanner.de [ C:\_OTL\MOVEDFILES\09042012_214852\C_WINDOWS\$NTUNINSTALLKB64217$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DB6RZQ75 ]

cosinus 15.09.2012 12:35
Ja einfach das umsetzen was in meiner Anleitung zu sasw steht, so ist es richtig

Sieht ok aus, da wurden nur Cookies gefunden. Der andere Fund bei Malwarebytes ist nur ein Element in der Q von Combofix.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

wecker23 15.09.2012 13:20
Vielen dank für deine Hilfe.
Es läuft wieder alles einwandfrei :-)

cosinus 16.09.2012 15:07
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131