
Pests of all kinds and how to fight them: Problem with TR/Crypt.XPACK.Gen3


14.11.2010, 19:56   #1
Rakem
 

Problem with TR/Crypt.XPACK.Gen3



Hello
I have recently had a problem with the trojan named above. Antivir keeps finding it and apparently cannot delete it. In addition, my internet has slowed down, and in Firefox I am sometimes redirected to unrelated (advertising) sites when I click links in Google search results.

Antivir detection: The file 'C:\Users\***\AppData\Roaming\Microsoft\Windows\shell.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan].

MBAM Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5114

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.11.2010 19:37:50
mbam-log-2010-11-14 (19-37-50).txt

Scan type: Quick scan
Objects scanned: 141958
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
C:\Users\***\AppData\Roaming\download2\svcnost.exe (Spyware.Passwords) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\download (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\engel (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\***\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\***\AppData\Roaming\download2\svcnost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\updates\updates.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\0.37394991802443556.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\jar_cache1898140124250296401.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\jar_cache5951535953393146632.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\0.8138964589455648.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\1871767.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\6986732.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.



OTL Logfile:
Code:
OTL logfile created on: 14.11.2010 19:44:29 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 113,30 Gb Free Space | 16,22% Space Free | Partition Type: NTFS
Drive I: | 279,45 Gb Total Space | 263,49 Gb Free Space | 94,29% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 39,24 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
 
Computer Name: RAKEM | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\EverestUltimate\everest.exe (Lavalys, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\VM305_STI.EXE (Vimicro)
PRC - C:\Programme\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
PRC - C:\Programme\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30128_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (InterBaseServer) -- C:\Programme\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
SRV - (InterBaseGuardian) -- C:\Programme\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (npkcrypt) -- C:\Programme\Lineage II\system\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (EverestDriver) -- C:\Programme\EverestUltimate\kerneld.wnt ()
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.24\RivaTuner32.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (ZSMC0305) -- C:\Windows\System32\drivers\usbVM305.sys (Vimicro Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:3.5.2
FF - prefs.js..extensions.enabledItems: keyconfig@dorando:20080929
FF - prefs.js..extensions.enabledItems: extension@openitonline.com:2.9
FF - prefs.js..extensions.enabledItems: {a66191d8-898b-4a66-89be-d5b279477a54}:0.2.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: aerofox@virtusdesigns.com:3.6.2
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.09 18:02:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.09 20:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 11:13:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.08 20:29:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.08 20:29:34 | 000,000,000 | ---D | M]
 
[2010.01.09 18:35:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.11.13 20:41:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions
[2010.01.09 18:35:09 | 000,000,000 | ---D | M] (Hide Caption) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\{002349F5-59AB-4fdc-8329-BF4248243C95}
[2010.01.09 18:35:09 | 000,000,000 | ---D | M] (disablemenu) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\{0EFD958A-0827-11da-C687-0001038A43E2}
[2010.10.24 12:44:17 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010.10.08 21:18:10 | 000,000,000 | ---D | M] (Single Key Tab Switch) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\{a66191d8-898b-4a66-89be-d5b279477a54}
[2010.10.24 12:44:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.04 08:44:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.21 11:31:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\aerofox@virtusdesigns.com
[2009.09.12 10:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\askopensearch-VTS@ask.com
[2010.03.07 15:30:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\battlefieldheroespatcher@ea.com
[2010.10.24 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\extension@openitonline.com
[2010.08.20 13:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\firetorrent@radicalsoft.com
[2010.01.10 11:35:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\glasser@sixxgate.com
[2010.01.09 18:35:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\keyconfig@dorando
[2010.06.19 11:25:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\piclens@cooliris.com
[2010.10.24 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\extension@openitonline.com\chrome
[2010.10.24 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\extension@openitonline.com\components
[2010.10.24 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\extension@openitonline.com\defaults
[2010.10.24 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\extension@openitonline.com\META-INF
[2010.02.21 11:31:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\aerofox@virtusdesigns.com\chrome\win\browser\extensions
[2010.02.21 11:31:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c9pr42gr.default\extensions\aerofox@virtusdesigns.com\chrome\win\mozapps\extensions
[2010.11.13 20:41:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.31 11:13:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.31 11:13:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.31 11:13:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.31 11:13:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.31 11:13:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.09 20:49:20 | 000,425,158 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 192.168.112.2O7.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 2o7.net
O1 - Hosts: 66.235.128.0 - 66.235.159.255
O1 - Hosts: adobe.com
O1 - Hosts: 192.150.18.0 - 192.150.18.255
O1 - Hosts: 192.150.22.0 - 192.150.22.255
O1 - Hosts: 192.150.11.0 - 192.150.11.255
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 14646 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDog305] C:\Windows\VM305_STI.EXE (Vimicro)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [EVEREST AutoStart] C:\Programme\EverestUltimate\everest_start.exe ()
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\***\Pictures\Wallpaper\wallpaper7_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\Wallpaper\wallpaper7_2.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.13 15:49:44 | 000,194,408 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010.11.13 15:49:44 | 000,007,372 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\steambackup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.14 19:31:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.14 19:31:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.14 19:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.14 19:31:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.14 19:31:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.14 19:31:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.11.14 15:18:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.11.14 15:17:21 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.11.14 15:17:21 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.11.13 20:37:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\download
[2010.11.13 15:35:41 | 000,000,000 | ---D | C] -- C:\Programme\PATRIZIER II Gold
[2010.11.13 15:00:41 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.11.13 15:00:41 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.11.13 14:57:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.12 19:16:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\updates
[2010.11.12 19:15:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\download2
[2010.11.07 12:22:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.11.07 12:22:33 | 000,000,000 | ---D | C] -- C:\Programme\Free Audio Converter
[2010.10.27 14:49:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL
[2010.10.27 14:49:03 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.10.17 17:21:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ArcaniA - Gothic 4
[2010.10.17 16:32:45 | 000,000,000 | ---D | C] -- C:\Programme\ArcaniA - Gothic 4
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.14 19:43:18 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.14 19:40:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.14 19:40:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.14 19:40:38 | 2616,496,128 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.14 19:39:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2010.11.14 19:31:34 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.14 19:31:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.11.14 18:49:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.14 18:24:04 | 000,137,976 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.14 18:23:55 | 000,234,280 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.11.14 15:19:55 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.14 15:19:55 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.14 15:18:22 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 15:18:22 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.13 16:07:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.11.13 15:49:44 | 000,194,408 | ---- | M] () -- C:\AUTO.pat
[2010.11.13 15:49:44 | 000,007,372 | ---- | M] () -- C:\AUTO.pst
[2010.11.13 15:36:40 | 000,001,086 | ---- | M] () -- C:\Users\***\Desktop\PATRIZIER II Gold starten.lnk
[2010.11.13 15:01:34 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.11.12 15:26:10 | 000,707,062 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.12 15:26:10 | 000,660,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.12 15:26:10 | 000,152,548 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.12 15:26:10 | 000,124,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.09 20:49:20 | 000,425,158 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.11.05 19:18:49 | 000,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.10.26 18:36:26 | 000,000,136 | ---- | M] () -- C:\Users\***\Desktop\EFT.exe - Verknüpfung - Verknüpfung.lnk
[2010.10.22 17:37:39 | 000,200,530 | ---- | M] () -- C:\Users\***\Documents\ts3_clientui-win32-12599-2010-10-22 18_37_36.097210.dmp
[2010.10.21 13:36:56 | 000,000,136 | ---- | M] () -- C:\Users\***\Desktop\EVEMon - Verknüpfung.lnk
[2010.10.20 12:36:59 | 000,001,307 | ---- | M] () -- C:\Users\***\Desktop\eve.lnk
[2010.10.20 10:08:47 | 000,051,560 | ---- | M] () -- C:\Users\***\Documents\EVEMon_Settings_2418.xml.bak
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.14 19:31:34 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.13 16:07:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.11.13 15:46:44 | 000,194,408 | ---- | C] () -- C:\AUTO.pat
[2010.11.13 15:46:44 | 000,007,372 | ---- | C] () -- C:\AUTO.pst
[2010.11.13 15:36:40 | 000,001,086 | ---- | C] () -- C:\Users\***\Desktop\PATRIZIER II Gold starten.lnk
[2010.11.13 15:01:34 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.26 18:36:26 | 000,000,136 | ---- | C] () -- C:\Users\***\Desktop\EFT.exe - Verknüpfung - Verknüpfung.lnk
[2010.10.22 17:37:36 | 000,200,530 | ---- | C] () -- C:\Users\***\Documents\ts3_clientui-win32-12599-2010-10-22 18_37_36.097210.dmp
[2010.10.21 13:36:56 | 000,000,136 | ---- | C] () -- C:\Users\***\Desktop\EVEMon - Verknüpfung.lnk
[2010.10.20 12:36:41 | 000,001,307 | ---- | C] () -- C:\Users\***\Desktop\eve.lnk
[2010.10.20 10:21:27 | 000,051,560 | ---- | C] () -- C:\Users\***\Documents\EVEMon_Settings_2418.xml.bak
[2010.08.18 13:29:25 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.06.22 19:08:10 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.05.11 19:37:10 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.11.21 14:27:49 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.21 14:27:47 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.02 12:43:52 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.21 19:54:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.04.10 14:08:33 | 000,137,976 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.04.10 14:08:32 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.04.10 13:18:01 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2009.04.09 22:13:42 | 000,035,388 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.04.09 22:10:37 | 000,034,944 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.03.28 03:34:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.03.27 17:37:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.28 16:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.12.28 16:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.05.10 13:22:37 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010.01.09 18:34:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acreon
[2010.04.04 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2010.04.14 17:31:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2009.04.10 13:55:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2010.01.09 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.01.09 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.01.09 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNA
[2010.11.13 20:37:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\download
[2010.11.14 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\download2
[2010.11.07 12:22:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.10.20 10:21:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EVEMon
[2010.01.09 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.06.30 13:05:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.01.09 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.11.13 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.05.23 14:45:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.02.05 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.09.19 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2010.04.15 17:58:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mumble
[2010.01.09 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.01.09 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.01.09 18:35:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.01.09 18:35:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.04.24 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Soldat
[2010.01.09 18:35:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2010.01.09 18:35:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.01.09 18:35:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.02.11 20:44:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.06.26 06:36:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
[2010.06.22 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Turbine
[2010.03.08 18:08:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2010.11.14 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\updates
[2010.09.21 22:04:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A15D6B27
 
< End of report >


OTL Extras Logfile:
OTL Extras logfile created on: 14.11.2010 19:44:29 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 113,30 Gb Free Space | 16,22% Space Free | Partition Type: NTFS
Drive I: | 279,45 Gb Total Space | 263,49 Gb Free Space | 94,29% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 39,24 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
 
Computer Name: RAKEM | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\***\AppData\Local\Temp\0.9999599101546454.exe" = C:\Users\***\AppData\Local\Temp\0.9999599101546454.exe:*:Enabled:ldrsoft -- File not found
"C:\Users\***\AppData\Roaming\download2\svcnost.exe" = C:\Users\***\AppData\Roaming\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found
"C:\Users\***\AppData\Local\Temp\0.945060464745855.exe" = C:\Users\***\AppData\Local\Temp\0.945060464745855.exe:*:Enabled:ldrsoft -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}" = Lineage II
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord - Raising Hell
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{31C2C2CB-20E3-4D68-B5AF-5CE23A4C4C40}" = TBNLauncher
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AB50D6D-97FA-45F9-8FFC-A100DD37A159}" = League of Legends
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN 1.6.7.18415 (32 bit)
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116757403}" = Mevo and The Groove Riders
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1" = reFX Nexus 1.0.0
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B8742BE5-6238-3EC0-A9B9-CD562E054A54}" = Microsoft .NET Framework 4 Client Profile
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C93029EF-511A-479B-8C94-83CA26E3894B}" = Aion
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0AD8FC1-1860-33CA-9CFE-5962B91DDDEB}" = Microsoft .NET Framework 4 Extended
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}" = StuffIt Expander 2010
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Algodoo_is1" = Algodoo v1.6.0
"Any Video Converter_is1" = Any Video Converter 3.0.3
"ArcaniA" = ArcaniA - Gothic 4
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Bloody AION" = Bloody AION
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem (02/24/2009 4.0)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dlanconf" = devolo dLAN-Konfigurationsassistent
"Download Manager" = Download Manager 2.3.9
"dslmon" = devolo Informer
"DynDNSUpdater" = DynDNS Updater
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem (02/23/2009 7.01.0.2)
"EADM" = EA Download Manager
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"ESL GUI" = ESL GUI 2.05 (CS:S)
"EVE" = EVE Online (remove only)
"EVE-Central.com MarketUploader" = EVE-Central.com MarketUploader 1.3.1
"EVEMon" = EVEMon
"FileZilla Client" = FileZilla Client 3.2.0
"Firefox Preloader_is1" = Firefox Preloader
"FL Studio 9" = FL Studio 9
"FL Studio_is1" = FL Studio v7.0
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Freelancer 1.0" = Freelancer
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Updater" = Google Updater
"Guild Wars" = GUILD WARS
"GuildWars Visions_is1" = GuildWars Visions v1.08
"Hamachi" = Hamachi 1.0.3.0
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InterBase" = InterBase 6.5
"IsoBuster_is1" = IsoBuster 2.8
"L2NET - Web Installer" = L2NET - Web Installer v3.0
"League of Legends_is1" = League of Legends
"LOCO" = LOCO EU
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mathcad 8 Explorer" = Mathcad 8 Explorer
"MAXOND3697142" = CINEMA 4D 11.514
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mumble" = Mumble and Murmur
"nbi-nb-base-6.5.1.0.200903060201" = NetBeans IDE 6.5.1
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5
"Patrizier II Gold_is1" = Patrizier II Gold
"Plants vs. Zombies" = Plants vs. Zombies
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Prototype_is1" = Prototype
"PunkBusterSvc" = PunkBuster Services
"reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
"RivaTuner" = RivaTuner v2.24
"Savage2" = Savage 2 - A Tortured Soul
"Sawer" = Sawer
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"Soldat_is1" = Soldat 1.5.0
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 13140" = America's Army 3
"Steam App 17510" = Age of Chivalry
"Steam App 17550" = Eternal Silence
"Steam App 17700" = Insurgency
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 630" = Alien Swarm
"Steam App 7940" = Call of Duty 4: Modern Warfare
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Toxic Biohazard" = Toxic Biohazard
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"vbcpp40" = VisiBroker for Cpp 4.5
"Videora iPod Converter" = Videora iPod Converter 5.03
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
"Worms Armageddon" = Worms Armageddon
"Xfire" = Xfire (remove only)
"ZHLT Compile GUI" = ZHLT Compile GUI X²
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"5f48e2ab41c5d005" = RapidShare Manager
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >




I would appreciate a prompt reply.
Regards, Rakem

Alt 14.11.2010, 21:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Art des Suchlaufs: Quick-Scan
Hello and

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

Alt 15.11.2010, 10:50   #3
Rakem
 



Thank you for the quick reply. Here is the logfile of the complete MBAM scan.
Incidentally, the Firefox symptoms disappeared after the quick scan.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5114

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.11.2010 08:12:01
mbam-log-2010-11-15 (08-12-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|J:\|)
Durchsuchte Objekte: 903167
Laufzeit: 3 Stunde(n), 18 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\Program Files\Visions\updater.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Program Files\Visions\Visions.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\download\svcnost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
J:\GAMES\L2gracia\system\engine.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
J:\GAMES\L2gracia\system\l2.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
J:\GAMES\L2gracia\system\nwindow.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
J:\Rips\cryptload\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
J:\Rips\cryptload\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{DF79250E-E0AA-485A-849F-CFEBFCFE55C1}\RP562\A0173180.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{DF79250E-E0AA-485A-849F-CFEBFCFE55C1}\RP562\A0173183.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{DF79250E-E0AA-485A-849F-CFEBFCFE55C1}\RP562\A0173185.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{DF79250E-E0AA-485A-849F-CFEBFCFE55C1}\RP582\A0183551.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{DF79250E-E0AA-485A-849F-CFEBFCFE55C1}\RP583\A0184944.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{DF79250E-E0AA-485A-849F-CFEBFCFE55C1}\RP583\A0184945.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Old 15.11.2010, 11:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
J:\GAMES\L2gracia\system\engine.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
J:\GAMES\L2gracia\system\l2.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
J:\GAMES\L2gracia\system\nwindow.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
What is the source of this game?
__________________
Please always post log files in CODE tags

Old 15.11.2010, 11:32   #5
Rakem
 

Unfortunately I no longer remember, but it has been on the machine for over a year without causing any noticeable problems.


Old 15.11.2010, 11:59   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Old 15.11.2010, 12:46   #7
Rakem
 

Here is the ComboFix log

ComboFix log file:
Code:
ComboFix 10-11-14.02 - *** 15.11.2010  12:28:23.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3327.2257 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\***\AppData\Roaming\.#
c:\users\***\AppData\Roaming\download2
c:\windows\jestertb.dll
c:\windows\VM305Cap.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-10-15 bis 2010-11-15  ))))))))))))))))))))))))))))))
.

2010-11-15 11:38 . 2010-11-15 11:38	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-11-15 11:38 . 2010-11-15 11:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-15 11:11 . 2010-11-15 11:11	--------	d-----w-	c:\program files\CCleaner
2010-11-14 18:31 . 2010-11-14 18:31	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-11-14 18:31 . 2010-04-29 11:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 18:31 . 2010-11-14 18:31	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-14 18:31 . 2010-11-14 18:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-14 18:31 . 2010-04-29 11:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-14 14:18 . 2010-11-14 14:18	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2010-11-14 14:17 . 2009-05-11 11:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-11-14 14:17 . 2009-05-11 11:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-11-13 19:37 . 2010-11-15 07:12	--------	d-----w-	c:\users\***\AppData\Roaming\download
2010-11-13 14:35 . 2010-11-13 14:36	--------	d-----w-	c:\program files\PATRIZIER II Gold
2010-11-13 14:00 . 2010-11-13 14:01	--------	d-----w-	c:\program files\iTunes
2010-11-13 14:00 . 2010-11-13 14:00	--------	d-----w-	c:\program files\iPod
2010-11-12 18:16 . 2010-11-14 18:37	--------	d-----w-	c:\users\***\AppData\Roaming\updates
2010-11-07 11:22 . 2010-11-07 11:22	--------	d-----w-	c:\users\***\AppData\Roaming\DVDVideoSoft
2010-11-07 11:22 . 2010-11-07 11:22	--------	d-----w-	c:\program files\Free Audio Converter
2010-10-27 13:49 . 2010-10-27 13:49	--------	d-----w-	c:\users\***\AppData\Local\AOL
2010-10-27 13:49 . 2010-10-27 13:50	--------	d-----w-	c:\program files\ICQ7.2
2010-10-17 15:32 . 2010-10-17 16:13	--------	d-----w-	c:\program files\ArcaniA - Gothic 4

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 22:07 . 2009-04-10 13:08	137976	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-11-14 22:07 . 2009-04-15 19:59	234280	----a-w-	c:\windows\system32\PnkBstrB.xtr
2010-11-14 22:07 . 2009-04-10 13:08	234280	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-11-14 14:19 . 2009-04-10 12:14	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-14 14:19 . 2009-04-10 12:14	126856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-11-05 18:18 . 2009-06-22 10:44	15688	----a-w-	c:\windows\system32\lsdelete.exe
2010-09-28 14:44 . 2010-09-28 14:44	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2010-09-28 14:44 . 2010-09-28 14:44	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-09-26 17:03 . 2009-04-10 11:12	722416	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-09-21 10:49 . 2009-04-10 13:08	138056	----a-w-	c:\users\***\AppData\Roaming\PnkBstrK.sys
2010-09-21 10:49 . 2010-09-21 10:49	2434856	----a-w-	c:\windows\system32\pbsvc_bc2.exe
2010-09-21 10:49 . 2009-04-10 13:08	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12	86280	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVEREST AutoStart"="c:\program files\EverestUltimate\everest_start.exe" [2009-03-29 334928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-29 6281760]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-05 524632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Firefox Preloader.lnk]
backup=c:\windows\pss\Firefox Preloader.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Firefox Preloader.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10	35696	----a-w-	c:\program files\adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2005-08-05 20:15	61440	----a-w-	c:\windows\VM305_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-08-30 14:06	318272	----a-w-	c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03	1103216	----a-w-	c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 12:32	1312256	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-04 20:46	1242448	----a-w-	c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44	85160	----a-w-	c:\program files\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14	660480	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"NCsoft Launcher"=
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-26 722416]
R2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-27 130384]
R2 gupdate1c9e52371fc05bc;Google Update Service (gupdate1c9e52371fc05bc);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 133104]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-05 1029456]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-06-04 2846037]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-27 738656]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-22 64160]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-14 135336]
S2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys [2004-05-17 17280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-06-23 715512]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - EverestDriver
.
Inhalt des "geplante Tasks" Ordners

2010-11-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 14:47]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 14:47]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 14:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c9pr42gr.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c9pr42gr.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c9pr42gr.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-PlayNC Launcher - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-39625412-3045556358-3922673593-1000\Software\SecuROM\License information*]
"datasecu"=hex:42,17,60,12,4f,60,2e,4c,b8,ea,67,ee,6d,eb,e0,a6,04,39,a4,6e,97,
   a9,46,c4,03,17,95,bf,c9,74,11,7b,9d,82,cf,f5,b8,a8,ba,18,9e,ef,7c,2e,83,a1,\
"rkeysecu"=hex:41,c7,f9,c3,31,b4,39,2c,b8,19,5a,19,43,be,d5,ae

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-15  12:42:09
ComboFix-quarantined-files.txt  2010-11-15 11:42

Vor Suchlauf: 10 Verzeichnis(se), 131.773.739.008 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 131.715.272.704 Bytes frei

- - End Of File - - 0A229073AF6B25BF68D7CB184C420401
         
--- --- ---

Old 15.11.2010, 21:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query offered by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document
__________________
Please always post log files in CODE tags

Old 15.11.2010, 22:26   #9
Rakem
 

OK, GMER did not work, or rather it gave me a blue screen.
OSAM log:

OSAM log file:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:23:26 on 15.11.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - ? - C:\Windows\system32\bdeadmin.cpl
"ibmgr.cpl" - "Borland Software Corporation." - C:\Windows\system32\ibmgr.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Tilman\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Program Files\EverestUltimate\kerneld.wnt  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"npkcrypt" (npkcrypt) - "INCA Internet Co., Ltd." - C:\Program Files\Lineage II\system\npkcrypt.sys
"PLCNDIS5 NDIS Protocol Driver" (PLCNDIS5) - "Intellon, Inc." - C:\Windows\system32\plcndis5.sys
"RivaTuner32" (RivaTuner32) - ? - C:\Program Files\RivaTuner v2.24\RivaTuner32.sys  (File found, but it contains no detailed information)
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\Windows\system32\drivers\SCDEmu.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Program Files\PowerISO\PWRISOSH.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\Windows\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tilman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"EVEREST AutoStart" - ? - C:\Program Files\EverestUltimate\everest_start.exe  (File found, but it contains no detailed information)
"igndlm.exe" - "IGN Entertainment" - C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Ad-Watch" - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RivaTunerStartupDaemon" - ? - "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9e52371fc05bc)" (gupdate1c9e52371fc05bc) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"InterBase Guardian" (InterBaseGuardian) - "Borland Software Corporation" - C:\Program Files\Borland\InterBase\bin\ibguard.exe
"InterBase Server" (InterBaseServer) - "Borland Software Corporation" - C:\Program Files\Borland\InterBase\bin\ibserver.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Microsoft .NET Framework NGEN v4.0.30128_X86" (clr_optimization_v4.0.30128_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Program Files\Tunngle\TnglCtrl.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


MBR Log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000035d

Kernel Drivers (total 167):
0x82E48000 \SystemRoot\system32\ntkrnlpa.exe
0x82E11000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x8BC0B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8BC83000 \SystemRoot\system32\PSHED.dll
0x8BC94000 \SystemRoot\system32\BOOTVID.dll
0x8BC9C000 \SystemRoot\system32\CLFS.SYS
0x8BCDE000 \SystemRoot\system32\CI.dll
0x8BD89000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BE22000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BE30000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BF5B000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BF64000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BF8A000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BFD2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BFDD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BFE5000 \SystemRoot\System32\drivers\partmgr.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8C035000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C080000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8C087000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8C095000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C0B1000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C0BA000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C0DD000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C0E6000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C11A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C12B000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8C23A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C369000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C394000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C13A000 \SystemRoot\System32\Drivers\cng.sys
0x8C3A7000 \SystemRoot\System32\drivers\pcw.sys
0x8C3B5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C403000 \SystemRoot\system32\drivers\ndis.sys
0x8C4BA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C4F8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C632000 \SystemRoot\System32\drivers\tcpip.sys
0x8C77B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C7AC000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C7B5000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C7F4000 \SystemRoot\System32\Drivers\spldr.sys
0x8C7FC000 \SystemRoot\system32\speedfan.sys
0x8C600000 \SystemRoot\System32\drivers\sfhlp02.sys
0x8C51D000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C619000 \SystemRoot\System32\Drivers\mup.sys
0x8C629000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C631000 \SystemRoot\system32\giveio.sys
0x8C54A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C57C000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C58D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C5D7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C5F6000 \SystemRoot\System32\Drivers\Null.SYS
0x8C3BE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C3C5000 \SystemRoot\System32\drivers\vga.sys
0x8C3D1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C3F2000 \SystemRoot\System32\drivers\watchdog.sys
0x8C200000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C208000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C210000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C218000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C223000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C197000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C1AE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BE5A000 \SystemRoot\system32\drivers\afd.sys
0x8C1B9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C231000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8C000000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C01F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BEB4000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C1EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8BECE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C02D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8BEDE000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8BEEC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8BF2D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8BF37000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C0AB000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8BF41000 \SystemRoot\System32\drivers\discache.sys
0x9123A000 \SystemRoot\system32\drivers\csc.sys
0x9129E000 \SystemRoot\System32\Drivers\dfsc.sys
0x912B6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x912C4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x912E7000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x912E9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9130A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91826000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x922A4000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x922A6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9235D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92396000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x923A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x923EC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9181F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9131C000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x91348000 \SystemRoot\system32\DRIVERS\fdc.sys
0x91353000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x9135B000 \SystemRoot\system32\DRIVERS\serenum.sys
0x91365000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9137D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9138A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91397000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x913A9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x913C1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x913CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91218000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92607000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9261E000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x92628000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92635000 \SystemRoot\system32\DRIVERS\VClone.sys
0x92640000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92642000 \SystemRoot\system32\DRIVERS\ks.sys
0x92676000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92684000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x926C8000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x926D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92E0B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9301A000 \SystemRoot\system32\drivers\portcls.sys
0x93049000 \SystemRoot\system32\drivers\drmk.sys
0x93062000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9306F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9307A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93083000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93094000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9309F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x930B2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x930B9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x930BB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x99630000 \SystemRoot\System32\win32k.sys
0x930C6000 \SystemRoot\System32\drivers\Dxapi.sys
0x930D0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x930E7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x930F2000 \SystemRoot\System32\Drivers\usbVM305.sys
0x93152000 \SystemRoot\System32\Drivers\STREAM.SYS
0x99890000 \SystemRoot\System32\TSDDD.dll
0x998C0000 \SystemRoot\System32\cdd.dll
0x998E0000 \SystemRoot\System32\ATMFD.DLL
0x93160000 \SystemRoot\system32\drivers\luafv.sys
0x9317B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x93190000 \SystemRoot\system32\drivers\WudfPf.sys
0x931AA000 \SystemRoot\system32\plcndis5.sys
0x931AF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x931BF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x926E3000 \SystemRoot\system32\drivers\HTTP.sys
0x931D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x931EB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x92768000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9278B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x927C6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x927E1000 \SystemRoot\System32\Drivers\adfs.SYS
0x9F406000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9F449000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9F44E000 \SystemRoot\system32\drivers\peauth.sys
0x9F4E5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F4EF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F510000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F51D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F56C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F5BD000 \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys
0x9F5C0000 \??\C:\Program Files\EverestUltimate\kerneld.wnt
0x9F5CA000 \SystemRoot\system32\DRIVERS\L1E62x86.sys
0xAB03E000 \SystemRoot\system32\drivers\spsys.sys
0x77700000 \Windows\System32\ntdll.dll
0x477C0000 \Windows\System32\smss.exe
0x77940000 \Windows\System32\apisetschema.dll

Processes (total 54):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
572 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
700 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\nvvsvc.exe
1012 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\audiodg.exe
1424 C:\Windows\System32\svchost.exe
1540 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\nvvsvc.exe
1668 C:\Windows\System32\spoolsv.exe
1696 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1716 C:\Windows\System32\svchost.exe
1844 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1872 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1908 C:\Program Files\Bonjour\mDNSResponder.exe
1932 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1940 C:\Windows\System32\conhost.exe
1980 C:\Windows\System32\svchost.exe
2008 C:\Program Files\Borland\InterBase\bin\ibguard.exe
528 C:\Windows\System32\PnkBstrA.exe
536 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1028 C:\Windows\System32\svchost.exe
2184 C:\Windows\System32\dwm.exe
2224 C:\Windows\explorer.exe
2240 C:\Windows\System32\taskhost.exe
2592 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2740 C:\Windows\RtHDVCpl.exe
2748 C:\Windows\VM305_STI.EXE
2768 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2836 C:\Program Files\iTunes\iTunesHelper.exe
2860 C:\Program Files\Windows Sidebar\sidebar.exe
3128 C:\Program Files\EverestUltimate\everest.exe
3744 C:\Windows\System32\SearchIndexer.exe
3892 C:\Program Files\iPod\bin\iPodService.exe
3944 C:\Program Files\Borland\InterBase\bin\ibserver.exe
3996

Old 15.11.2010, 22:33   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The end of the MBR log is missing...
__________________
Please always post logfiles in CODE tags

Old 15.11.2010, 22:39   #11
Rakem

I figured something wasn't quite right there... Here it is again:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000035d

Kernel Drivers (total 166):
0x82E48000 \SystemRoot\system32\ntkrnlpa.exe
0x82E11000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x8BC0B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8BC83000 \SystemRoot\system32\PSHED.dll
0x8BC94000 \SystemRoot\system32\BOOTVID.dll
0x8BC9C000 \SystemRoot\system32\CLFS.SYS
0x8BCDE000 \SystemRoot\system32\CI.dll
0x8BD89000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BE22000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BE30000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BF5B000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BF64000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BF8A000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BFD2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BFDD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BFE5000 \SystemRoot\System32\drivers\partmgr.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8C035000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C080000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8C087000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8C095000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C0B1000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C0BA000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C0DD000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C0E6000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C11A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C12B000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8C23A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C369000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C394000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C13A000 \SystemRoot\System32\Drivers\cng.sys
0x8C3A7000 \SystemRoot\System32\drivers\pcw.sys
0x8C3B5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C403000 \SystemRoot\system32\drivers\ndis.sys
0x8C4BA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C4F8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C632000 \SystemRoot\System32\drivers\tcpip.sys
0x8C77B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C7AC000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C7B5000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C7F4000 \SystemRoot\System32\Drivers\spldr.sys
0x8C7FC000 \SystemRoot\system32\speedfan.sys
0x8C600000 \SystemRoot\System32\drivers\sfhlp02.sys
0x8C51D000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C619000 \SystemRoot\System32\Drivers\mup.sys
0x8C629000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C631000 \SystemRoot\system32\giveio.sys
0x8C54A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C57C000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C58D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C5D7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C5F6000 \SystemRoot\System32\Drivers\Null.SYS
0x8C3BE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C3C5000 \SystemRoot\System32\drivers\vga.sys
0x8C3D1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C3F2000 \SystemRoot\System32\drivers\watchdog.sys
0x8C200000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C208000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C210000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C218000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C223000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C197000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C1AE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BE5A000 \SystemRoot\system32\drivers\afd.sys
0x8C1B9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C231000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8C000000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C01F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BEB4000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C1EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8BECE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C02D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8BEDE000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8BEEC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8BF2D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8BF37000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C0AB000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x8BF41000 \SystemRoot\System32\drivers\discache.sys
0x9123A000 \SystemRoot\system32\drivers\csc.sys
0x9129E000 \SystemRoot\System32\Drivers\dfsc.sys
0x912B6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x912C4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x912E7000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x912E9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9130A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91826000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x922A4000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x922A6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9235D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92396000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x923A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x923EC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9181F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9131C000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x91348000 \SystemRoot\system32\DRIVERS\fdc.sys
0x91353000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x9135B000 \SystemRoot\system32\DRIVERS\serenum.sys
0x91365000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9137D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9138A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91397000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x913A9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x913C1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x913CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91218000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92607000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9261E000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x92628000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92635000 \SystemRoot\system32\DRIVERS\VClone.sys
0x92640000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92642000 \SystemRoot\system32\DRIVERS\ks.sys
0x92676000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92684000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x926C8000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x926D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92E0B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9301A000 \SystemRoot\system32\drivers\portcls.sys
0x93049000 \SystemRoot\system32\drivers\drmk.sys
0x93062000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9306F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9307A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93083000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93094000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9309F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x930B2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x930B9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x930BB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x99630000 \SystemRoot\System32\win32k.sys
0x930C6000 \SystemRoot\System32\drivers\Dxapi.sys
0x930D0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x930E7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x930F2000 \SystemRoot\System32\Drivers\usbVM305.sys
0x93152000 \SystemRoot\System32\Drivers\STREAM.SYS
0x99890000 \SystemRoot\System32\TSDDD.dll
0x998C0000 \SystemRoot\System32\cdd.dll
0x998E0000 \SystemRoot\System32\ATMFD.DLL
0x93160000 \SystemRoot\system32\drivers\luafv.sys
0x9317B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x93190000 \SystemRoot\system32\drivers\WudfPf.sys
0x931AA000 \SystemRoot\system32\plcndis5.sys
0x931AF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x931BF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x926E3000 \SystemRoot\system32\drivers\HTTP.sys
0x931D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x931EB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x92768000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9278B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x927C6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x927E1000 \SystemRoot\System32\Drivers\adfs.SYS
0x9F406000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9F449000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9F44E000 \SystemRoot\system32\drivers\peauth.sys
0x9F4E5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F4EF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F510000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F51D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F56C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F5BD000 \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys
0x9F5C0000 \??\C:\Program Files\EverestUltimate\kerneld.wnt
0x9F5CA000 \SystemRoot\system32\DRIVERS\L1E62x86.sys
0x77700000 \Windows\System32\ntdll.dll
0x477C0000 \Windows\System32\smss.exe
0x77940000 \Windows\System32\apisetschema.dll

Processes (total 56):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
572 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
700 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\nvvsvc.exe
1012 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\audiodg.exe
1424 C:\Windows\System32\svchost.exe
1540 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\nvvsvc.exe
1668 C:\Windows\System32\spoolsv.exe
1696 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1716 C:\Windows\System32\svchost.exe
1844 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1872 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1908 C:\Program Files\Bonjour\mDNSResponder.exe
1932 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1940 C:\Windows\System32\conhost.exe
1980 C:\Windows\System32\svchost.exe
2008 C:\Program Files\Borland\InterBase\bin\ibguard.exe
528 C:\Windows\System32\PnkBstrA.exe
536 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1028 C:\Windows\System32\svchost.exe
2184 C:\Windows\System32\dwm.exe
2224 C:\Windows\explorer.exe
2240 C:\Windows\System32\taskhost.exe
2592 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2740 C:\Windows\RtHDVCpl.exe
2748 C:\Windows\VM305_STI.EXE
2768 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2836 C:\Program Files\iTunes\iTunesHelper.exe
2860 C:\Program Files\Windows Sidebar\sidebar.exe
3128 C:\Program Files\EverestUltimate\everest.exe
3744 C:\Windows\System32\SearchIndexer.exe
3892 C:\Program Files\iPod\bin\iPodService.exe
3944 C:\Program Files\Borland\InterBase\bin\ibserver.exe
3996 C:\Windows\System32\svchost.exe
2068 C:\Windows\System32\taskhost.exe
4752 C:\Program Files\Windows Media Player\wmpnetwk.exe
6056 C:\Windows\System32\svchost.exe
1244 C:\Program Files\Mozilla Firefox\firefox.exe
4432 C:\Program Files\VLC\vlc.exe
884 C:\Program Files\Mozilla Firefox\plugin-container.exe
5540 C:\Users\Tilman\Desktop\trojaner logs\MBRCheck.exe
5548 C:\Windows\System32\conhost.exe
5576 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD7500AACS-65D6B0, Rev: 01.01A01
PhysicalDrive1 Model Number: ST3300831AS, Rev: 3.03
PhysicalDrive2 Model Number: WDC WD5000AAVS-00ZTB0, Rev:

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
279 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive2 MBR Code Faked!
SHA1: 5769CE717FCCA842B5B0B78FED21ADDA64A80B5C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Old 15.11.2010, 22:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
PhysicalDrive2 Model Number: WDC WD5000AAVS-00ZTB0
465 GB \\.\PhysicalDrive2 MBR Code Faked!
SHA1: 5769CE717FCCA842B5B0B78FED21ADDA64A80B5C
That's drive J: - is that thing used only as a data disk? External or internal?
__________________
Please always post logfiles in CODE tags

Old 15.11.2010, 23:04   #13
Rakem

J is my external hard drive. There's all sorts of stuff on it, backups, games, photos, etc.

Alt 15.11.2010, 23:14   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Problem mit TR/Crypt.XPACK.Gen3 - Standard

Problem mit TR/Crypt.XPACK.Gen3



Ok, then that's fine as it is. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags
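As an added illustration of what the MBRCheck lines quoted above report (this is not code from the thread or from MBRCheck): a minimal MBR parser that checks the 0x55AA boot signature, lists the partition entries with their byte offsets (the "at offset" values in the log), and hashes the boot-code region so a disk's hash recorded while it was known-good can be compared against later. Assumptions: the 440-byte boot-code region is what gets hashed (the log does not say which region MBRCheck hashes, so these hashes are not comparable to the SHA1 values above), and the sector bytes are constructed in the script rather than read from \\.\PhysicalDriveN.

```python
import hashlib
import struct

# Classic 512-byte MBR layout (format constants, not values taken from MBRCheck)
MBR_SIZE = 512
BOOT_CODE_SIZE = 440            # bytes 0..439: boot code; assumed to be the hashed region
PARTITION_TABLE_OFFSET = 446    # four 16-byte partition entries
PARTITION_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Parse a raw MBR sector into signature check, boot-code hash and partition list."""
    if len(sector) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PARTITION_ENTRY, sector, PARTITION_TABLE_OFFSET + i * 16)
        if ptype == 0:          # unused slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "byte_offset": lba * 512, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_SIZE]).hexdigest().upper(),
        "partitions": partitions,
    }

def compare_boot_code(sector: bytes, baseline_sha1: str) -> str:
    """Verdict against a good boot-code hash recorded earlier for the same disk."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid"        # not a valid MBR at all
    return "match" if info["boot_code_sha1"] == baseline_sha1.upper() else "changed"

def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Constructed test sector (no real boot code); entries are (bootable, type, lba_start, sectors)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PARTITION_ENTRY, sector, PARTITION_TABLE_OFFSET + i * 16,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    # Constructed stand-in for a data disk like J: above: one non-bootable NTFS partition at LBA 63 (offset 0x7e00)
    data_disk = build_sample_mbr(b"\x90" * 16, [(False, 0x07, 63, 976773105)])
    print(parse_mbr(data_disk))
```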

16.11.2010, 21:29   #15
Rakem

MBAM Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5124

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.11.2010 14:46:33
mbam-log-2010-11-16 (14-46-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|J:\|)
Durchsuchte Objekte: 890228
Laufzeit: 3 Stunde(n), 31 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


SUPERAntiSpyware Log

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/16/2010 at 09:11 PM

Application Version : 4.45.1000

Core Rules Database Version : 5767
Trace Rules Database Version: 3579

Scan type : Complete Scan
Total Scan Time : 06:12:09

Memory items scanned : 819
Memory threats detected : 0
Registry items scanned : 9299
Registry threats detected : 0
File items scanned : 750745
File threats detected : 7

Trojan.Agent/Gen-FakeAV
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Adware.Tracking Cookie
inwmedia.net [ C:\Users\Tilman\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ETQZ2P4C ]

Trojan.Agent/Gen-ReLoader
C:\USERS\TILMAN\PROGRAMMIERUNG\VB_EBOOK_1\MENUPROGRAMM.EXE
J:\PROGRAMMIERUNG\VB_EBOOK_1\MENUPROGRAMM.EXE

Adware.Vundo/Variant-X32[Header]
C:\WINDOWS\SYSTEM32\WSIWIN32.DLL
J:\RIPS\DELPHI7\INSTALL\SYSTEM32\WSIWIN32.DLL

Trojan.Agent/Gen-Krpytik
J:\SYSTEM VOLUME INFORMATION\_RESTORE{DF79250E-E0AA-485A-849F-CFEBFCFE55C1}\RP583\A0184946.EXE



So it did find something more after all.
